CVE-2019-19648

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

package  channel         channel version                   pkg version  status
yara     nixos-unstable  2020-02-09 19:20:46 UTC (8130f3)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-31 22:35:47 UTC (a21c2f)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-31 03:40:27 UTC (8539d5)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-27 15:15:42 UTC (e59dcf)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-26 13:55:23 UTC (73a59a)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-26 02:00:18 UTC (8a9807)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-24 12:40:44 UTC (05626c)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-23 12:40:25 UTC (d1ba7d)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-22 11:20:35 UTC (90441b)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-22 02:25:38 UTC (f37db1)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-21 07:35:39 UTC (a65f33)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-20 03:15:32 UTC (bea1a2)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-18 10:35:34 UTC (c438ce)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-17 08:15:31 UTC (2628f2)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-16 20:30:28 UTC (d5e9b7)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-15 07:35:45 UTC (7184df)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-12 17:10:37 UTC (100012)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-12 04:35:18 UTC (aa561c)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-11 08:25:20 UTC (e41347)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-09 02:55:25 UTC (e1eedf)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-07 08:20:27 UTC (9beb0d)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-05 23:45:32 UTC (2e8fc9)  3.11.0       vulnerable
yara     nixos-unstable  2020-01-04 10:30:42 UTC (e0470e)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-27 17:25:29 UTC (b0bbac)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-24 14:15:43 UTC (a06925)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-23 15:10:32 UTC (eeaf1f)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-23 01:55:35 UTC (00915d)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-22 01:45:20 UTC (f5bb6c)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-18 17:15:45 UTC (d94268)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-18 02:35:23 UTC (352f03)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-17 09:50:29 UTC (863658)  3.11.0       vulnerable
yara     nixos-unstable  2019-12-09 12:37:43 UTC (3140fa)  3.11.0       vulnerable
yara     nixos-unstable  2019-11-19 17:55:36 UTC (e89b21)  3.11.0       vulnerable
yara     nixos-unstable  2019-11-16 10:50:41 UTC (c19665)  3.11.0       vulnerable