Search
Find a vulnerability
Search criteria
6 vulnerabilities by sdl
CVE-2018-19371 (GCVE-0-2018-19371)
Vulnerability from nvd – Published: 2019-01-02 18:00 – Updated: 2024-08-05 11:37
VLAI
EPSS
VEX
Summary
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/150826/SDL-W… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46000/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46000/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-02T17:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46000/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46000/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19371",
"datePublished": "2019-01-02T18:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0544 (GCVE-0-2008-0544)
Vulnerability from nvd – Published: 2008-02-01 19:41 – Updated: 2024-08-07 07:46
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"name": "https://issues.rpath.com/browse/RPL-2206",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=207933",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29542"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28640"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0544",
"datePublished": "2008-02-01T19:41:00.000Z",
"dateReserved": "2008-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6697 (GCVE-0-2007-6697)
Vulnerability from nvd – Published: 2008-02-01 19:41 – Updated: 2024-08-07 16:18
VLAI
EPSS
VEX
Summary
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public
2007-12-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28837"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28837"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28752"
},
{
"name": "https://issues.rpath.com/browse/RPL-2206",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=207933",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28640"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "http://vexillium.org/?sec-sdlgif",
"refsource": "MISC",
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28837"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6697",
"datePublished": "2008-02-01T19:41:00.000Z",
"dateReserved": "2008-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19371 (GCVE-0-2018-19371)
Vulnerability from cvelistv5 – Published: 2019-01-02 18:00 – Updated: 2024-08-05 11:37
VLAI
EPSS
VEX
Summary
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/150826/SDL-W… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/46000/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46000/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-02T17:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46000/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
},
{
"name": "46000",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46000/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19371",
"datePublished": "2019-01-02T18:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0544 (GCVE-0-2008-0544)
Vulnerability from cvelistv5 – Published: 2008-02-01 19:41 – Updated: 2024-08-07 07:46
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2008-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27435"
},
{
"name": "28869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28752"
},
{
"name": "sdlimage-imgloadlbmrw-bo(39899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39899"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341\u0026r2=3521"
},
{
"name": "https://issues.rpath.com/browse/RPL-2206",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=207933",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "29542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29542"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521\u0026view=markup"
},
{
"name": "DSA-1493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "28640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28640"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28830"
},
{
"name": "GLSA-200802-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "USN-595-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0544",
"datePublished": "2008-02-01T19:41:00.000Z",
"dateReserved": "2008-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6697 (GCVE-0-2007-6697)
Vulnerability from cvelistv5 – Published: 2008-02-01 19:41 – Updated: 2024-08-07 16:18
VLAI
EPSS
VEX
Summary
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public
2007-12-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28837"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28837"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970\u0026r2=3462"
},
{
"name": "sdlimage-gif-bo(39865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39865"
},
{
"name": "28869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28869"
},
{
"name": "28850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28850"
},
{
"name": "FEDORA-2008-1208",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html"
},
{
"name": "28752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28752"
},
{
"name": "https://issues.rpath.com/browse/RPL-2206",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2206"
},
{
"name": "FEDORA-2008-1231",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=207933",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207933"
},
{
"name": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462\u0026view=markup"
},
{
"name": "29542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29542"
},
{
"name": "DSA-1493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1493"
},
{
"name": "27417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27417"
},
{
"name": "28640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28640"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0061"
},
{
"name": "20080213 rPSA-2008-0061-1 SDL_image",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488079/100/0/threaded"
},
{
"name": "28830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28830"
},
{
"name": "20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120110205511630\u0026w=2"
},
{
"name": "GLSA-200802-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml"
},
{
"name": "http://vexillium.org/?sec-sdlgif",
"refsource": "MISC",
"url": "http://vexillium.org/?sec-sdlgif"
},
{
"name": "USN-595-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-595-1"
},
{
"name": "ADV-2008-0266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0266"
},
{
"name": "MDVSA-2008:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:040"
},
{
"name": "28837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28837"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6697",
"datePublished": "2008-02-01T19:41:00.000Z",
"dateReserved": "2008-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}