CVE-2019-19648
Summary
| CVE | CVE-2019-19648 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-09 01:15:00 UTC |
| Updated | 2023-11-07 03:07:00 UTC |
| Description | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Out-of-Bounds Memory Access in macho module · Issue #1178 · VirusTotal/yara · GitHub |
MISC |
github.com |
Exploit, Third Party Advisory |
| [SECURITY] Fedora 34 Update: yara-4.1.0-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: python-yara-4.1.0-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: yara-4.1.0-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: python-yara-4.1.0-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 281241 Fedora Security Update for python (FEDORA-2021-f41d5fc954)
- 281242 Fedora Security Update for python (FEDORA-2021-dd62918333)