Open armorcodegithubpreprod[bot] opened 3 months ago
Finding [47833479|https://preprod.armorcode.ai/#/findings/257/1167/47833479], [47833379|https://preprod.armorcode.ai/#/findings/257/1167/47833379], [47833478|https://preprod.armorcode.ai/#/findings/257/1167/47833478], [47833469|https://preprod.armorcode.ai/#/findings/257/1167/47833469], [47833528|https://preprod.armorcode.ai/#/findings/257/1167/47833528], [47833482|https://preprod.armorcode.ai/#/findings/257/1167/47833482], [47833382|https://preprod.armorcode.ai/#/findings/257/1167/47833382], [47833385|https://preprod.armorcode.ai/#/findings/257/1167/47833385], [47833473|https://preprod.armorcode.ai/#/findings/257/1167/47833473], [47833475|https://preprod.armorcode.ai/#/findings/257/1167/47833475], [47833486|https://preprod.armorcode.ai/#/findings/257/1167/47833486], [47833474|https://preprod.armorcode.ai/#/findings/257/1167/47833474], [47833540|https://preprod.armorcode.ai/#/findings/257/1167/47833540], [47833496|https://preprod.armorcode.ai/#/findings/257/1167/47833496], [47833477|https://preprod.armorcode.ai/#/findings/257/1167/47833477], [47833476|https://preprod.armorcode.ai/#/findings/257/1167/47833476] are Mitigated
by SYSTEM via ArmorCode Platform
Finding [47833382|https://preprod.armorcode.ai/#/findings/257/1167/47833382] , [47833474|https://preprod.armorcode.ai/#/findings/257/1167/47833474] , [47833476|https://preprod.armorcode.ai/#/findings/257/1167/47833476] , [47833477|https://preprod.armorcode.ai/#/findings/257/1167/47833477] , [47833540|https://preprod.armorcode.ai/#/findings/257/1167/47833540] , [47833475|https://preprod.armorcode.ai/#/findings/257/1167/47833475] , [47833379|https://preprod.armorcode.ai/#/findings/257/1167/47833379] , [47833469|https://preprod.armorcode.ai/#/findings/257/1167/47833469] , [47833479|https://preprod.armorcode.ai/#/findings/257/1167/47833479] , [47833482|https://preprod.armorcode.ai/#/findings/257/1167/47833482] , [47833486|https://preprod.armorcode.ai/#/findings/257/1167/47833486] , [47833496|https://preprod.armorcode.ai/#/findings/257/1167/47833496] , [47833385|https://preprod.armorcode.ai/#/findings/257/1167/47833385] , [47833473|https://preprod.armorcode.ai/#/findings/257/1167/47833473] , [47833528|https://preprod.armorcode.ai/#/findings/257/1167/47833528] , [47833478|https://preprod.armorcode.ai/#/findings/257/1167/47833478] status changed to Confirmed
Note:
by SYSTEM via ArmorCode Platform
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:NULL Pointer Dereference
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
tiff
package.An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
cairo
package.Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
tiff
package.LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
ncurses
package.In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libsndfile
package.An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libjpeg-turbo
package.libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
tar
package.pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
gdk-pixbuf
package.gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active