Vulnerabilites related to swi-prolog - swi-prolog
cve-2011-2896
Vulnerability from cvelistv5
Published
2011-08-19 17:00
Modified
2024-08-06 23:15
Severity ?
EPSS score ?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45945"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2896",
"datePublished": "2011-08-19T17:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17524
Vulnerability from cvelistv5
Published
2017-12-14 16:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2017-17524 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-17524",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17524",
"datePublished": "2017-12-14T16:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6089
Vulnerability from cvelistv5
Published
2013-01-04 11:00
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2013/01/03/7 | mailing-list, x_refsource_MLIST | |
| https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=891577 | x_refsource_CONFIRM | |
| http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6089",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:59.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6090
Vulnerability from cvelistv5
Published
2013-01-04 11:00
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2013/01/03/7 | mailing-list, x_refsource_MLIST | |
| https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=891577 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6090",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:34.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-01-04 11:52
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A435FD-F02D-4F82-8C59-16AC1F4769DD",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "564241B5-9462-4C05-AF2A-ED4C5EC735D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A82A01-F922-4729-9B35-736F07991543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E02861BD-ADD3-42D3-AAC0-F9335A135978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A49328C0-9B01-46B3-AADD-624B631CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "08E25B15-1E59-4392-AC7B-B262537A5C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E80AF1-7664-4DE0-B52E-D5CB584EE262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCFFA5-833D-45BF-9770-8A82581D279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C02C1-9226-4CC8-BA4B-D1C19328A053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "626E43DC-F845-441F-9A90-71888D229F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE0E48E-9D35-4576-9594-27E5C369C51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EA7412-1D40-4C76-8D73-8085AB57EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A4B57-C7FC-4559-BA2E-11142463EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA641444-79A5-4A35-A9B3-AE849F40A93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49766A51-1012-4DA9-92BA-A7CFF380ABC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B89B6121-EAFA-415E-AEAD-B2E907BDEA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C32CDE03-520D-481E-BAEB-C7B0BCD8AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE745BFE-7C79-439C-BAE5-2EBD064A9D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9087AA22-11FD-4BEF-86FC-9448A0847E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF09847-8BC4-4EB5-86E2-26915EBC7F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D997B8-9F1C-495E-92F2-8B188C15C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F39F681-7470-4097-BE61-735FD5EABE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AC616E-355B-4202-BB14-D9D71E5C2DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36CAA985-3A22-47E3-B90B-3C7834A38557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38B14FAB-EFA0-45AC-8873-C833FFF2C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD24DA73-9B04-4DA5-984C-B6BE8C978DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E478CE71-1CCF-436E-BE61-459B7069D182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FEC3B3-BD24-4973-B782-3840D84EBDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C1BF1-032F-446D-A16A-EF3C27973AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C04D9C3-6F22-4B49-8B65-3209C3093EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF68B6-D8BF-4695-866F-6DE5267D02F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6122-CD4B-47E7-89EF-DF68DB4A462D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A546B14D-6ADF-472F-ADA7-0486F1E5792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE34F04-351B-4EE4-BF48-5DE355F5915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68C731-2DE1-483A-A0F8-B11B2C19173B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n expand en os/pl-glob.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado."
}
],
"id": "CVE-2012-6090",
"lastModified": "2024-11-21T01:45:48.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:15.303",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 11:52
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A435FD-F02D-4F82-8C59-16AC1F4769DD",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "564241B5-9462-4C05-AF2A-ED4C5EC735D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A82A01-F922-4729-9B35-736F07991543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E02861BD-ADD3-42D3-AAC0-F9335A135978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A49328C0-9B01-46B3-AADD-624B631CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "08E25B15-1E59-4392-AC7B-B262537A5C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E80AF1-7664-4DE0-B52E-D5CB584EE262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCFFA5-833D-45BF-9770-8A82581D279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C02C1-9226-4CC8-BA4B-D1C19328A053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "626E43DC-F845-441F-9A90-71888D229F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE0E48E-9D35-4576-9594-27E5C369C51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EA7412-1D40-4C76-8D73-8085AB57EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A4B57-C7FC-4559-BA2E-11142463EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA641444-79A5-4A35-A9B3-AE849F40A93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49766A51-1012-4DA9-92BA-A7CFF380ABC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B89B6121-EAFA-415E-AEAD-B2E907BDEA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C32CDE03-520D-481E-BAEB-C7B0BCD8AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE745BFE-7C79-439C-BAE5-2EBD064A9D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9087AA22-11FD-4BEF-86FC-9448A0847E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF09847-8BC4-4EB5-86E2-26915EBC7F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D997B8-9F1C-495E-92F2-8B188C15C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F39F681-7470-4097-BE61-735FD5EABE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AC616E-355B-4202-BB14-D9D71E5C2DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36CAA985-3A22-47E3-B90B-3C7834A38557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38B14FAB-EFA0-45AC-8873-C833FFF2C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD24DA73-9B04-4DA5-984C-B6BE8C978DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E478CE71-1CCF-436E-BE61-459B7069D182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FEC3B3-BD24-4973-B782-3840D84EBDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C1BF1-032F-446D-A16A-EF3C27973AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C04D9C3-6F22-4B49-8B65-3209C3093EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF68B6-D8BF-4695-866F-6DE5267D02F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6122-CD4B-47E7-89EF-DF68DB4A462D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A546B14D-6ADF-472F-ADA7-0486F1E5792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE34F04-351B-4EE4-BF48-5DE355F5915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68C731-2DE1-483A-A0F8-B11B2C19173B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n canoniseFileName en os/pl-os.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado."
}
],
"id": "CVE-2012-6089",
"lastModified": "2024-11-21T01:45:47.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:15.257",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-14 16:29
Modified
2024-11-21 03:18
Severity ?
Summary
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2017-17524 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2017-17524 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| swi-prolog | swi-prolog | 7.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0F8D56-1FB3-46B1-9178-6AE894D36536",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
},
{
"lang": "es",
"value": "library/www_browser.pl en SWI-Prolog 7.2.3 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podr\u00eda permitir que atacantes remotos lleven a cabo ataques de inyecci\u00f3n de argumentos mediante una URL manipulada."
}
],
"id": "CVE-2017-17524",
"lastModified": "2024-11-21T03:18:05.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-14T16:29:00.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-19 17:55
Modified
2024-11-21 01:29
Severity ?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| swi-prolog | swi-prolog | * | |
| apple | cups | * | |
| gimp | gimp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "306F1543-3DA7-4374-9705-0702A78E9A87",
"versionEndIncluding": "5.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "580C1D10-6677-4636-9626-7B4FA3CFEA5C",
"versionEndIncluding": "1.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F771B1-B26F-4429-AC0F-ED8C2740B1F9",
"versionEndIncluding": "2.6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
},
{
"lang": "es",
"value": "El descompresor LZW en (1) la funci\u00f3n LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la funci\u00f3n gif_read_lzw en filter/image-gif.c en CUPS antes de la versi\u00f3n v1.4.7, (2) la funci\u00f3n LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la funci\u00f3n LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de c\u00f3digo que est\u00e1n ausentes de la tabla de descompresi\u00f3n, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895.\r\n"
}
],
"id": "CVE-2011-2896",
"lastModified": "2024-11-21T01:29:13.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-08-19T17:55:03.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://cups.org/str.php?L3867"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45621"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45900"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45945"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45948"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46024"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/50737"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://cups.org/str.php?L3867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/50737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}