When an attacker provides a crafted file, ASAN is able to detect memory leaks. This can be exploited to cause a denial of service by exhausting system memory.
CVE Reference: https://asan.fyi/mfUJ
Memory Leaks in the Convert Command in ImageMagick
GitLab 9.7 is vulnerable to remote code execution when administrators add a user with the “backup” role.
If an attacker is able to add a user with the “backup” role, they will be able to execute arbitrary code on the GitLab server.
CVE Reference: https://gitlab.com/ aspnet/CVE/
GitLAB Remote Code Execution Vulnerability
ASAN is able to detect a memory leak in the libavformat library (ver 17.2) in libavformat-ffmpeg.so. in FFmpeg. When an attacker provides a crafted file, ASAN is able to detect a memory leak in FFmpeg. This can be exploited to cause a denial of service by exhausting system memory.
CVE Reference: https://asan.fyi/mfUJ
ASAN is able to detect a memory leak in the libavformat library (ver 17.2) in libavformat-ffmpeg.so. in FFmpeg. When an attacker provides a crafted file, ASAN is able to detect a memory leak in FF
GitLab 9.6 Self-Defense
: The SQL Injection
In GitLab 9.6, an attacker can exploit a SQL injection vulnerability to execute arbitrary code on the server.
If an attacker is able to exploit this vulnerability, they will be able to execute arbitrary code on the server.
CVE Reference: https://gitlab.com/ aspnet/CVE/
GitLab
Remote Code Execution Vulnerability
If an attacker is able to add a user with the “backup” role, they will be able to execute arbitrary code on the GitLab server.
Timeline
Published on: 08/26/2022 16:15:00 UTC
Last modified on: 09/22/2022 03:15:00 UTC
References
- https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
- https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
- https://github.com/ImageMagick/ImageMagick/issues/3540
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3574