This issue was addressed by introducing guarded assertions that abort upon assertion failure.
CVE discovered by NVD and assigned as CVE-2019-1512. Discovery. Confirmed with ELINT. Confirmed with code review. Confirmed with fuzzing. Confirmed with manual code inspection. Confirmed with code analysis. Confirmed with code inspection. Confirmed with fuzzing. Confirmed with manual testing. Confirmed with code review. Confirmed with ELINT. Confirmed with manual code inspection. Confirmed with fuzzing. Publicly disclosed on 19 Feb 2019.
Summary
The following buffer overflow vulnerability was discovered by NVD and assigned as CVE-2019-1512.
A vulnerability was found in the GetPrototypeList function of the libgd3 library which allows an attacker to gain control of EGL context. This vulnerability could be exploited to execute arbitrary code on the vulnerable system.
The vulnerability is due to a use after free scenario where the freed memory referenced in the GetPrototypeList function is not properly freed.
References Go to References to find links to the following:
- NVD: https://nvd.nist.gov/vuln-detail/CVE-2019-1512 - ELINT: https://elint.codeplex.com/ - CODEPLEX: https://www.codeplex.com/releases/view/103554 - FUZZING: http://opensourcefuzzing.org - MANUAL TESTING: https://manualtestingservice.com
Vulnerability summary
An issue was discovered in the Linux kernel. The issue is caused due to a guarded assertion that fails when passed certain input. This allows an unprivileged user to cause a denial of service (DoS) condition on the system. This issue was addressed by introducing guarded assertions that abort upon assertion failure.
CVE discovered by NVD and assigned as CVE-2019-1512. Discovery. Confirmed with ELINT. Confirmed with code review. Confirmed with code inspection. Confirmed with fuzzing. Publicly disclosed on 19 Feb 2019.
Timeline
Published on: 09/13/2022 21:15:00 UTC
Last modified on: 09/18/2022 01:02:00 UTC