cvelistv5 - CVE-2019-19451

CVE-2019-19451 (GCVE-0-2019-19451)

Vulnerability from cvelistv5

Published

2019-11-29 22:54

Modified

2024-08-05 02:16

Severity ?

CWE

Summary

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html	Broken Link, Mailing List, Third Party Advisory
cve@mitre.org	https://gitlab.gnome.org/GNOME/dia/issues/428	Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html	Broken Link, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/dia/issues/428	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
          },
          {
            "name": "openSUSE-SU-2020:0021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
          },
          {
            "name": "FEDORA-2020-cbc0754798",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
          },
          {
            "name": "FEDORA-2020-1fe0e08c8d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-15T02:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
        },
        {
          "name": "openSUSE-SU-2020:0021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
        },
        {
          "name": "FEDORA-2020-cbc0754798",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
        },
        {
          "name": "FEDORA-2020-1fe0e08c8d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/dia/issues/428",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
            },
            {
              "name": "openSUSE-SU-2020:0021",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
            },
            {
              "name": "FEDORA-2020-cbc0754798",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
            },
            {
              "name": "FEDORA-2020-1fe0e08c8d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19451",
    "datePublished": "2019-11-29T22:54:03",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-05T02:16:47.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19451\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-11-29T23:15:10.960\",\"lastModified\":\"2024-11-21T04:34:45.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.\"},{\"lang\":\"es\",\"value\":\"Cuando GNOME Dia antes del 27-11-2019 es iniciado con un argumento de nombre de archivo que no es una posici\u00f3n de c\u00f3digo v\u00e1lida en la codificaci\u00f3n actual, ingresa en un bucle sin fin, por lo que escribe texto de forma indefinida en stdout. Si este inicio proviene de un servicio de im\u00e1genes miniaturas, esta salida generalmente se escribir\u00e1 en el disco mediante la capacidad de registro del sistema (potencialmente con privilegios elevados), llenando as\u00ed el disco y eventualmente renderizando el sistema inutilizable. (El nombre de archivo puede ser para un archivo inexistente). Nota: Esto no afecta a una versi\u00f3n anterior, pero afecta ciertos paquetes de distribuci\u00f3n de Linux con n\u00fameros de versi\u00f3n tales como 0.97.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:dia:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-11-27\",\"matchCriteriaId\":\"611D1AA7-7F88-44B9-8D66-C3C0768F81CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/dia/issues/428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/dia/issues/428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2019-19451

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-19451

Aliases

CVE-2019-19451

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19451",
    "description": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
    "id": "GSD-2019-19451",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-19451.html",
      "https://advisories.mageia.org/CVE-2019-19451.html",
      "https://security.archlinux.org/CVE-2019-19451"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19451"
      ],
      "details": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
      "id": "GSD-2019-19451",
      "modified": "2023-12-13T01:23:54.648407Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-19451",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.gnome.org/GNOME/dia/issues/428",
            "refsource": "MISC",
            "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
          },
          {
            "name": "openSUSE-SU-2020:0021",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
          },
          {
            "name": "FEDORA-2020-cbc0754798",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
          },
          {
            "name": "FEDORA-2020-1fe0e08c8d",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:dia:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019-11-27",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19451"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-835"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/dia/issues/428",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
            },
            {
              "name": "openSUSE-SU-2020:0021",
              "refsource": "SUSE",
              "tags": [
                "Broken Link",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
            },
            {
              "name": "FEDORA-2020-cbc0754798",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
            },
            {
              "name": "FEDORA-2020-1fe0e08c8d",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-07T17:52Z",
      "publishedDate": "2019-11-29T23:15Z"
    }
  }
}

fkie_cve-2019-19451

Vulnerability from fkie_nvd

Published

2019-11-29 23:15

Modified

2024-11-21 04:34

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html	Broken Link, Mailing List, Third Party Advisory
cve@mitre.org	https://gitlab.gnome.org/GNOME/dia/issues/428	Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html	Broken Link, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/dia/issues/428	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/

Impacted products

Vendor	Product	Version
gnome	dia	*
fedoraproject	fedora	32
fedoraproject	fedora	33
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:dia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "611D1AA7-7F88-44B9-8D66-C3C0768F81CC",
              "versionEndExcluding": "2019-11-27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3."
    },
    {
      "lang": "es",
      "value": "Cuando GNOME Dia antes del 27-11-2019 es iniciado con un argumento de nombre de archivo que no es una posici\u00f3n de c\u00f3digo v\u00e1lida en la codificaci\u00f3n actual, ingresa en un bucle sin fin, por lo que escribe texto de forma indefinida en stdout. Si este inicio proviene de un servicio de im\u00e1genes miniaturas, esta salida generalmente se escribir\u00e1 en el disco mediante la capacidad de registro del sistema (potencialmente con privilegios elevados), llenando as\u00ed el disco y eventualmente renderizando el sistema inutilizable. (El nombre de archivo puede ser para un archivo inexistente). Nota: Esto no afecta a una versi\u00f3n anterior, pero afecta ciertos paquetes de distribuci\u00f3n de Linux con n\u00fameros de versi\u00f3n tales como 0.97.3."
    }
  ],
  "id": "CVE-2019-19451",
  "lastModified": "2024-11-21T04:34:45.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-29T23:15:10.960",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

suse-su-2019:3391-1

Vulnerability from csaf_suse

Published

2019-12-27 12:33

Modified

2019-12-27 12:33

Summary

Security update for dia

Notes

Title of the patch

Security update for dia

Description of the patch

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

Patchnames

SUSE-2019-3391,SUSE-SLE-Product-WE-15-2019-3391,SUSE-SLE-Product-WE-15-SP1-2019-3391

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dia",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dia fixes the following issue:\n\n- CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-3391,SUSE-SLE-Product-WE-15-2019-3391,SUSE-SLE-Product-WE-15-SP1-2019-3391",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3391-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:3391-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193391-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:3391-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193391-1.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158194",
        "url": "https://bugzilla.suse.com/1158194"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19451 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19451/"
      }
    ],
    "title": "Security update for dia",
    "tracking": {
      "current_release_date": "2019-12-27T12:33:18Z",
      "generator": {
        "date": "2019-12-27T12:33:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:3391-1",
      "initial_release_date": "2019-12-27T12:33:18Z",
      "revision_history": [
        {
          "date": "2019-12-27T12:33:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-4.3.3.aarch64",
                "product": {
                  "name": "dia-0.97.3-4.3.3.aarch64",
                  "product_id": "dia-0.97.3-4.3.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-4.3.3.i586",
                "product": {
                  "name": "dia-0.97.3-4.3.3.i586",
                  "product_id": "dia-0.97.3-4.3.3.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-lang-0.97.3-4.3.3.noarch",
                "product": {
                  "name": "dia-lang-0.97.3-4.3.3.noarch",
                  "product_id": "dia-lang-0.97.3-4.3.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-4.3.3.ppc64le",
                "product": {
                  "name": "dia-0.97.3-4.3.3.ppc64le",
                  "product_id": "dia-0.97.3-4.3.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-4.3.3.s390x",
                "product": {
                  "name": "dia-0.97.3-4.3.3.s390x",
                  "product_id": "dia-0.97.3-4.3.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-4.3.3.x86_64",
                "product": {
                  "name": "dia-0.97.3-4.3.3.x86_64",
                  "product_id": "dia-0.97.3-4.3.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 15",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 15",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 15 SP1",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:15:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-4.3.3.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15:dia-0.97.3-4.3.3.x86_64"
        },
        "product_reference": "dia-0.97.3-4.3.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-4.3.3.noarch as component of SUSE Linux Enterprise Workstation Extension 15",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15:dia-lang-0.97.3-4.3.3.noarch"
        },
        "product_reference": "dia-lang-0.97.3-4.3.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-4.3.3.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP1",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-0.97.3-4.3.3.x86_64"
        },
        "product_reference": "dia-0.97.3-4.3.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-4.3.3.noarch as component of SUSE Linux Enterprise Workstation Extension 15 SP1",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-lang-0.97.3-4.3.3.noarch"
        },
        "product_reference": "dia-lang-0.97.3-4.3.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19451",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19451"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-0.97.3-4.3.3.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-lang-0.97.3-4.3.3.noarch",
          "SUSE Linux Enterprise Workstation Extension 15:dia-0.97.3-4.3.3.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:dia-lang-0.97.3-4.3.3.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19451",
          "url": "https://www.suse.com/security/cve/CVE-2019-19451"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158194 for CVE-2019-19451",
          "url": "https://bugzilla.suse.com/1158194"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-0.97.3-4.3.3.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-lang-0.97.3-4.3.3.noarch",
            "SUSE Linux Enterprise Workstation Extension 15:dia-0.97.3-4.3.3.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:dia-lang-0.97.3-4.3.3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-0.97.3-4.3.3.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15 SP1:dia-lang-0.97.3-4.3.3.noarch",
            "SUSE Linux Enterprise Workstation Extension 15:dia-0.97.3-4.3.3.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:dia-lang-0.97.3-4.3.3.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-12-27T12:33:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-19451"
    }
  ]
}

suse-su-2019:3390-1

Vulnerability from csaf_suse

Published

2019-12-27 12:33

Modified

2019-12-27 12:33

Summary

Security update for dia

Notes

Title of the patch

Security update for dia

Description of the patch

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

Patchnames

SUSE-2019-3390,SUSE-SLE-DESKTOP-12-SP4-2019-3390,SUSE-SLE-SDK-12-SP4-2019-3390,SUSE-SLE-SDK-12-SP5-2019-3390,SUSE-SLE-WE-12-SP4-2019-3390,SUSE-SLE-WE-12-SP5-2019-3390

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dia",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dia fixes the following issue:\n  \n- CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-3390,SUSE-SLE-DESKTOP-12-SP4-2019-3390,SUSE-SLE-SDK-12-SP4-2019-3390,SUSE-SLE-SDK-12-SP5-2019-3390,SUSE-SLE-WE-12-SP4-2019-3390,SUSE-SLE-WE-12-SP5-2019-3390",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3390-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:3390-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193390-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:3390-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006289.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158194",
        "url": "https://bugzilla.suse.com/1158194"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19451 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19451/"
      }
    ],
    "title": "Security update for dia",
    "tracking": {
      "current_release_date": "2019-12-27T12:33:09Z",
      "generator": {
        "date": "2019-12-27T12:33:09Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:3390-1",
      "initial_release_date": "2019-12-27T12:33:09Z",
      "revision_history": [
        {
          "date": "2019-12-27T12:33:09Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.aarch64",
                "product": {
                  "name": "dia-0.97.3-17.4.1.aarch64",
                  "product_id": "dia-0.97.3-17.4.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.i586",
                "product": {
                  "name": "dia-0.97.3-17.4.1.i586",
                  "product_id": "dia-0.97.3-17.4.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-lang-0.97.3-17.4.1.noarch",
                "product": {
                  "name": "dia-lang-0.97.3-17.4.1.noarch",
                  "product_id": "dia-lang-0.97.3-17.4.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.ppc64le",
                "product": {
                  "name": "dia-0.97.3-17.4.1.ppc64le",
                  "product_id": "dia-0.97.3-17.4.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.s390",
                "product": {
                  "name": "dia-0.97.3-17.4.1.s390",
                  "product_id": "dia-0.97.3-17.4.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.s390x",
                "product": {
                  "name": "dia-0.97.3-17.4.1.s390x",
                  "product_id": "dia-0.97.3-17.4.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-17.4.1.x86_64",
                "product": {
                  "name": "dia-0.97.3-17.4.1.x86_64",
                  "product_id": "dia-0.97.3-17.4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 12 SP4",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:dia-0.97.3-17.4.1.x86_64"
        },
        "product_reference": "dia-0.97.3-17.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-17.4.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:dia-lang-0.97.3-17.4.1.noarch"
        },
        "product_reference": "dia-lang-0.97.3-17.4.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.aarch64"
        },
        "product_reference": "dia-0.97.3-17.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.ppc64le"
        },
        "product_reference": "dia-0.97.3-17.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.s390x"
        },
        "product_reference": "dia-0.97.3-17.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.x86_64"
        },
        "product_reference": "dia-0.97.3-17.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.aarch64"
        },
        "product_reference": "dia-0.97.3-17.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.ppc64le"
        },
        "product_reference": "dia-0.97.3-17.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.s390x"
        },
        "product_reference": "dia-0.97.3-17.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.x86_64"
        },
        "product_reference": "dia-0.97.3-17.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP4",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-0.97.3-17.4.1.x86_64"
        },
        "product_reference": "dia-0.97.3-17.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-17.4.1.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP4",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-lang-0.97.3-17.4.1.noarch"
        },
        "product_reference": "dia-lang-0.97.3-17.4.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-17.4.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-0.97.3-17.4.1.x86_64"
        },
        "product_reference": "dia-0.97.3-17.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-17.4.1.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-lang-0.97.3-17.4.1.noarch"
        },
        "product_reference": "dia-lang-0.97.3-17.4.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19451",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19451"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP4:dia-0.97.3-17.4.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.x86_64",
          "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-0.97.3-17.4.1.x86_64",
          "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
          "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-0.97.3-17.4.1.x86_64",
          "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-lang-0.97.3-17.4.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19451",
          "url": "https://www.suse.com/security/cve/CVE-2019-19451"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158194 for CVE-2019-19451",
          "url": "https://bugzilla.suse.com/1158194"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
            "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-lang-0.97.3-17.4.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP4:dia-lang-0.97.3-17.4.1.noarch",
            "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-0.97.3-17.4.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP5:dia-lang-0.97.3-17.4.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-12-27T12:33:09Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-19451"
    }
  ]
}

opensuse-su-2020:0021-1

Vulnerability from csaf_opensuse

Published

2020-01-13 15:18

Modified

2020-01-13 15:18

Summary

Security update for dia

Notes

Title of the patch

Security update for dia

Description of the patch

This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames

openSUSE-2020-21

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dia",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dia fixes the following issue:\n\n- CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-21",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0021-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0021-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WWHLCBQWAFNK3TKCBR2HORDXGYOHJCPL/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0021-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WWHLCBQWAFNK3TKCBR2HORDXGYOHJCPL/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158194",
        "url": "https://bugzilla.suse.com/1158194"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19451 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19451/"
      }
    ],
    "title": "Security update for dia",
    "tracking": {
      "current_release_date": "2020-01-13T15:18:06Z",
      "generator": {
        "date": "2020-01-13T15:18:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0021-1",
      "initial_release_date": "2020-01-13T15:18:06Z",
      "revision_history": [
        {
          "date": "2020-01-13T15:18:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-lang-0.97.3-lp151.4.3.1.noarch",
                "product": {
                  "name": "dia-lang-0.97.3-lp151.4.3.1.noarch",
                  "product_id": "dia-lang-0.97.3-lp151.4.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dia-0.97.3-lp151.4.3.1.x86_64",
                "product": {
                  "name": "dia-0.97.3-lp151.4.3.1.x86_64",
                  "product_id": "dia-0.97.3-lp151.4.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-0.97.3-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:dia-0.97.3-lp151.4.3.1.x86_64"
        },
        "product_reference": "dia-0.97.3-lp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dia-lang-0.97.3-lp151.4.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:dia-lang-0.97.3-lp151.4.3.1.noarch"
        },
        "product_reference": "dia-lang-0.97.3-lp151.4.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19451",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19451"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:dia-0.97.3-lp151.4.3.1.x86_64",
          "openSUSE Leap 15.1:dia-lang-0.97.3-lp151.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19451",
          "url": "https://www.suse.com/security/cve/CVE-2019-19451"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158194 for CVE-2019-19451",
          "url": "https://bugzilla.suse.com/1158194"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:dia-0.97.3-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:dia-lang-0.97.3-lp151.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:dia-0.97.3-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:dia-lang-0.97.3-lp151.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-13T15:18:06Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-19451"
    }
  ]
}

ghsa-4vq3-2rwv-w7mg

Vulnerability from github

Published

2022-05-24 17:02

Modified

2022-10-07 18:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-29T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system\u0027s logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",
  "id": "GHSA-4vq3-2rwv-w7mg",
  "modified": "2022-10-07T18:15:43Z",
  "published": "2022-05-24T17:02:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19451"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/dia/issues/428"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTGLGWHINMTDRFL7RZAJZJM5YSVXUXWW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2020-00508

Vulnerability from cnvd

Title: GNOME Dia存在未明漏洞

Description:

GNOME Dia是一款用于绘制结构化图形的程序。

GNOME Dia 2019-11-27之前版本中存在安全漏洞。攻击者可利用该漏洞造成系统不可用。

Severity: 中

Patch Name: GNOME Dia存在未明漏洞的补丁

Patch Description:

GNOME Dia是一款用于绘制结构化图形的程序。

GNOME Dia 2019-11-27之前版本中存在安全漏洞。攻击者可利用该漏洞造成系统不可用。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/GNOME/dia

Reference: https://gitlab.gnome.org/GNOME/dia/issues/428

Impacted products

Name
GNOME Dia <2019-11-27

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19451"
    }
  },
  "description": "GNOME Dia\u662f\u4e00\u6b3e\u7528\u4e8e\u7ed8\u5236\u7ed3\u6784\u5316\u56fe\u5f62\u7684\u7a0b\u5e8f\u3002\n\nGNOME Dia 2019-11-27\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u4e0d\u53ef\u7528\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/GNOME/dia",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-00508",
  "openTime": "2020-01-03",
  "patchDescription": "GNOME Dia\u662f\u4e00\u6b3e\u7528\u4e8e\u7ed8\u5236\u7ed3\u6784\u5316\u56fe\u5f62\u7684\u7a0b\u5e8f\u3002\r\n\r\nGNOME Dia 2019-11-27\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u4e0d\u53ef\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNOME Dia\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNOME Dia \u003c2019-11-27"
  },
  "referenceLink": "https://gitlab.gnome.org/GNOME/dia/issues/428",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-02",
  "title": "GNOME Dia\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-19451 (GCVE-0-2019-19451)

Vulnerability from cvelistv5

gsd-2019-19451

Vulnerability from gsd

fkie_cve-2019-19451

Vulnerability from fkie_nvd

suse-su-2019:3391-1

Vulnerability from csaf_suse

suse-su-2019:3390-1

Vulnerability from csaf_suse

opensuse-su-2020:0021-1

Vulnerability from csaf_opensuse

ghsa-4vq3-2rwv-w7mg

Vulnerability from github

cnvd-2020-00508

Vulnerability from cnvd

Tags

Sightings

Nomenclature