[Bug 1858744] [NEW] heap-buffer-overflow on jhead(v3.03, v3.04)/jpgqguess.c:109 process_DQT

2020-01-07 Thread Binbin Li
Public bug reported: Heap-buffer-overflow while running jhead(v3.03, v3.04). I cannot confirm whether this bug needs to be patched. Detail log as follows: (POC in attachment) lbb@lbb ./jhead/jhead ./input/id_m075 Nonfatal Error : './input/id_m075' Suspicious offset of first Exif IFD value Nonfatal Err

[Bug 1858746] [NEW] heap-buffer-overflow on jhead-3.04/exif.c:336 Get32s

2020-01-07 Thread Binbin Li
Public bug reported: heap-buffer-overflow on jhead-3.04/exif.c:336 Get32s when we run ./jhead ./input/poc. lbb@lbb ./jhead ./input/id_043 Nonfatal Error : './input/id_043' Suspicious offset of first Exif IFD value Nonfatal Error : './input/id_043' Maximum Exif directory nesting exceeded (corrup

[Bug 1858744] Re: heap-buffer-overflow on jhead(v3.03, v3.04)/jpgqguess.c:109 process_DQT

2020-01-09 Thread Binbin Li
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6624 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1858744 Title: heap-buffer-overflow on jhead(v3.03, v3.04)/jpgqguess.c:109 proc

[Bug 1858746] Re: heap-buffer-overflow on jhead-3.04/exif.c:336 Get32s

2020-01-09 Thread Binbin Li
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6625 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1858746 Title: heap-buffer-overflow on jhead-3.04/exif.c:336 Get32s To manage no

[Bug 1859149] [NEW] Stack-buffer-overflow in matio-1.5.17/src/mat5.c:4856 Mat_VarReadNextInfo5

2020-01-10 Thread Binbin Li
Public bug reported: Stack-buffer-overflow while running matio-1.5.17. I cannot confirm whether this bug needs to be patched. Detail log as follows: (POC in attachment) lbb@lbb: ./bin/matdump poc_m00 InflateRankDims: inflate returned data error =

[Bug 1859149] Re: Stack-buffer-overflow in matio-1.5.17/src/mat5.c:4856 Mat_VarReadNextInfo5

2020-01-10 Thread Binbin Li
** Attachment added: "This is a POC" https://bugs.launchpad.net/ubuntu/+source/libmatio/+bug/1859149/+attachment/5319068/+files/poc_m00 ** Description changed: - lbb@lbb:/matio-1.5.17/build$ ./bin/matdump poc_m00 + Stack-buffer-overflow while running motio-1.5.17. I can not confirm if + this

[Bug 1859263] [NEW] SEGV in matio-1.5.17/src/mat.c:1558 Mat_VarFree

2020-01-10 Thread Binbin Li
Public bug reported: SEGV in matio-1.5.17/src/mat.c:1558 Mat_VarFree. Detail log as follows: (POC in attachment) lbb@lbb: ./matio-1.5.17/build/bin/matdump poc_m017 InflateData: inflate returned data error InflateData: inflate returned data error ... InflateSkip: inflate returned data error Infla

[Bug 1859263] Re: SEGV in matio-1.5.17/src/mat.c:1558 Mat_VarFree

2020-01-10 Thread Binbin Li
** Attachment added: "POC" https://bugs.launchpad.net/ubuntu/+source/libmatio/+bug/1859263/+attachment/5319199/+files/poc_m017 ** Description changed: SEGV in matio-1.5.17/src/mat.c:1558 Mat_VarFree. Detial log as flollow: (POC in attachment) - lbb@lbb: ./matio-1.5.17/build/bin/matdump

[Bug 1859264] [NEW] stack-buffer-overflow in /matio-1.5.17/src/mat5.c:1369 ReadNextStructField

2020-01-10 Thread Binbin Li
Public bug reported: stack-buffer-overflow in /matio-1.5.17/src/mat5.c:1369 ReadNextStructField. Detail log as follows: (POC in attachment) lbb@lbb: /matio-1.5.17/build/bin/matdump POC_m010 InflateRankDims: inflate returned data error ==

[Bug 1895806] [NEW] heap-buffer-overflow on jhead(<=2.97, 3.00)/jpgqguess.c:188 in process_DHT

2020-09-16 Thread Binbin Li
Public bug reported: Heap-buffer-overflow while running jhead(v2.97, v3.00). A patch for this bug has been provided in >= v3.0.2. But it still exists in v2.97 and v3.00. Detail log as follows: (POC in attachment) lbb@lbb ./jhead-2.97/jhead ./jhead-2.97/crashes/I5G9X5~S Nonfatal Error : './jhead-2.97/cr