A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1946314 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1946314

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939149 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939149

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939160 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939160

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939159 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939159

A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939145 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939145

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939144

There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.

MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939142 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939142

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.

MISC:https://support.lenovo.com/us/en/product_security/LEN-52117 | URL:https://support.lenovo.com/us/en/product_security/LEN-52117

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.

MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1943623 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1943623