-
Notifications
You must be signed in to change notification settings - Fork 0
VulnerableRepos
http://www.libpng.org
libpng is a popular graphics library.
The file pngpread.c is the subject of vulnerability CVE-2017-12652, which is labeled as a critical vulnerability in the National Vulnerability Database.
The vulnerability was fixed in August of 2017 in release 1.6.32.
(maybe commit 2dca15686fadb1b8951cb29b02bad4cae73448da)
https://www.sqlite.org
SQLite is a public domain database engine which claims to be the most used database engine in the world.
The file select.c is suject to vulnerability CVE-2020-15358, which is a newly published critical vulnerability. It was fixed in release 3.32.3 of SQLite in June of 2020
www.github.com/lz4/lz
LZ4 is a widely-used lossless compression algorithm.
It is subject to a heap-based buffer overflow in releases prior to 1.9.2 as described in CVE-2019-17543. The vulnerability is fixed by commit cad81093cd805110291f84d64d385557d0ffba.
https://github.com/Shopify/quilt/pull/1455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8176
This vulnerability is particularly interesting as quilt is a set of packages for boostrapping JS/TS apps at Shopify.
File in question fixed: https://github.com/Shopify/quilt/pull/1455/commits/8cce0f87cc1a5eff1a934120d24ba3eaf65f7610
https://nvd.nist.gov/vuln/detail/CVE-2018-17962
https://github.com/qemu/qemu/blob/master/hw/net/pcnet.c
buffer overflow vulnerability
https://github.com/qemu/qemu/commit/b1d80d12c5f7ff081bb80ab4f4241d4248691192
b1d80d12c5f7ff081bb80ab4f4241d4248691192 is the commit that fixes the vulnerability