Back to search
CVE-2019-19648
Published: Dec 9, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/VirusTotal/yara/issues/1178
x_refsource_MISC
FEDORA-2021-f41d5fc954
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-dd62918333
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now