CVE-2019-1010069 - OpenCVE

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Moinejf	Abcm2ps
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S	Exploit Third Party Advisory
https://github.com/leesavide/abcm2ps/issues/18	Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-18T13:47:25

Updated: 2022-04-17T07:06:15

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010069

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-18T14:15:11.487

Modified: 2022-11-28T22:08:21.157

Link: CVE-2019-1010069

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "abcm2ps", "vendor": "moinejf", "versions": [{"status": "affected", "version": "8.13.20 [fixed: after commit commit 08aef597656d065e86075f3d53fda89765845eae]"}]}], "descriptions": [{"lang": "en", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-17T07:06:15", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"name": "[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010069", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "abcm2ps", "version": {"version_data": [{"version_value": "8.13.20 [fixed: after commit commit 08aef597656d065e86075f3d53fda89765845eae]"}]}}]}, "vendor_name": "moinejf"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Access Control"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S", "refsource": "MISC", "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"name": "https://github.com/leesavide/abcm2ps/issues/18", "refsource": "MISC", "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"name": "[debian-lts-announce] 20220417 [SECURITY] [DLA 2983-1] abcm2ps security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}]}}}}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010069", "datePublished": "2019-07-18T13:47:25", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2022-04-17T07:06:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*", "matchCriteriaId": "8A6435D0-1117-4C9C-8513-5FC356726608", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."}, {"lang": "es", "value": "moinejf abcm2ps 8.13.20 se ve afectado por: Control de acceso incorrecto. El impacto es: permite que los atacantes causen un ataque de denegaci\u00f3n de servicio a trav\u00e9s de un archivo creado. El componente es: front.c, funci\u00f3n txt_add. La versi\u00f3n fija es: despu\u00e9s de confirmar el compromiso 08aef597656d065e86075f3d53fda89765845eae."}], "id": "CVE-2019-1010069", "lastModified": "2022-11-28T22:08:21.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T14:15:11.487", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"}, {"source": "josh@bress.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/leesavide/abcm2ps/issues/18"}, {"source": "josh@bress.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}