#author("2024-07-14T06:27:46+00:00","default:yoya","yoya")
[[Security]] > [[CVE]]
#contents


* ImageMagick [#imagemagick]

- [[CVE/ImageMagick]]

* GhostScript [#ghostscript]

- [[CVE/GhostScript]]


* JPEG [#jpeg]

** thorfdbg/libjpeg (JPEG LS 開発レポジトリ、JPEG 完全版?) [#d7a8d286]

- https://github.com/thorfdbg/libjpeg

- [[CVE-2022-37769]] HuffmanDecoder::Get DoS
- [[CVE-2023-37836]] BitMapHook::BitMapHook DoS

* PNG [#png]

- [[CVE-2022-3857]]

* TIFF [#tiff]

- [[CVE-2023-2731]] LZWDecode DoS
- [[CVE-2023-40745]] libtiff <= 4.5.1 RCE
- [[CVE-2023-52355]] TIFFRasterScanlineSize64

* WebP [#webp]

- [[CVE-2023-4863]]
- CVE-2023-5129 (REJECTED)  CVE-2023-4863 と同じ
- [[CVE-2023-5217]] - libvpx の方の脆弱性

- 最近の重要な libwebp および libvpx の脆弱性に関するガイダンス
--  https://www.akamai.com/ja/blog/security-research/guidance-on-critical-chrome-vulnerabilities-libwebp-and-libvpx

* OpenSSH [#openssh]

- [[CVE-2006-5051]]
- [[CVE-2024-6387]] - CVE-2006-5051 の再発
- [[CVE-2024-6409]] - CVE-2024-6387 のレビューで判明

* Apache [#apache]

- [[CVE-2024-39884]]

* PHP [#php]

- [[CVE-2024-4577]]

* VirusBuster [#virusbuster]

- [[CVE-2023-28929]]

* XZ-Utils  liblzma [#xz]

- [[CVE-2024-3094]] sshd にバックドアが作られる

*. [#n8d85e52]

- 初心者でもCVE番号を取れるかもしれないガイド
--  https://qiita.com/yousukezan/items/7d48b7e3f43def57c407