Vulnerability Summary for the Week of September 4, 2017
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ffmpeg -- ffmpeg | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | 2017-09-07 | 7.1 | CVE-2017-14170; CONFIRM |
| ffmpeg -- ffmpeg | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14171; CONFIRM |
| fujixerox -- contentsbridge_utility | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10851; CONFIRM; JVN |
| fujixerox -- docuworks | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10848; CONFIRM; JVN |
| fujixerox -- docuworks | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10849; CONFIRM; JVN |
| gnome -- gedit | libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | 2017-09-05 | 7.1 | CVE-2017-14108; MISC; MISC |
| helpdezk -- helpdezk | HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | 2017-09-05 | 7.5 | CVE-2017-14145; MISC |
| imagemagick -- imagemagick | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-09-01 | 7.1 | CVE-2017-12691; CONFIRM |
| imagemagick -- imagemagick | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 2017-09-01 | 7.1 | CVE-2017-12692; CONFIRM |
| imagemagick -- imagemagick | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 2017-09-01 | 7.1 | CVE-2017-12693; CONFIRM |
| imagemagick -- imagemagick | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 2017-09-04 | 7.5 | CVE-2017-14137; CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | 2017-09-04 | 7.5 | CVE-2017-14138; CONFIRM |
| imagemagick -- imagemagick | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14172; CONFIRM; CONFIRM |
| imagemagick -- imagemagick | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14174; CONFIRM; CONFIRM; CONFIRM |
| imagemagick -- imagemagick | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14175; CONFIRM; CONFIRM |
| mcafee -- security_scan_plus | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | 2017-09-01 | 7.5 | CVE-2017-3897; CONFIRM; BID |
| netapp -- data_ontap | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 2017-09-01 | 7.5 | CVE-2015-7746; CONFIRM |
| ntt -- enkaku_support_tool | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10829; CONFIRM; MISC; JVN |
| rarlab -- unrar | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 2017-09-03 | 7.5 | CVE-2017-14122; MISC; MISC |
| salesagility -- suitecrm | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | 2017-09-06 | 9.3 | CVE-2015-5948; MLIST; MISC; CONFIRM; CONFIRM |
| sap -- netweaver | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 2017-09-06 | 7.5 | CVE-2015-7241; MISC; BUGTRAQ; BID; EXPLOIT-DB |
| scrapy -- scrapy | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. | 2017-09-05 | 7.8 | CVE-2017-14158; MISC; MISC |
| simplesamlphp -- simplesamlphp | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 2017-09-01 | 7.5 | CVE-2017-12868; CONFIRM; CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 2017-09- | | CVE-2017-12873; CONFIRM |