Security Bulletin 26 Oct 2022 – Cyber Security Agency of Singapore

CVE Number Description Base Score Reference CVE-2018-3839 An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-3839 CVE-2019-7280 Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session…
Source link