Top 5 New Open Source Vulnerabilities in February 2019

It has been said that March comes in like a lion and goes out like a lamb. It’s still early to determine how accurately that applies to this month, but one thing is certain: February’s list of top five open source security vulnerabilities reveals some gnarly and highly critical beasts.

Once again, our knowledge team sorted through all of the new issues added to WhiteSource’s database in February to choose the top five new open source vulnerabilities that you should know about. The database automatically aggregates open source vulnerabilities published in several respected community resources, like the National Vulnerability Database (NVD), as well as other publicly available, peer-reviewed security advisories and issue trackers.

This list contains some highly critical issues found in some of the most popular open source components out there. Luckily, the open source community is doing a great job of discovering and fixing issues. Now it’s up to us to stay in the know and make sure that we aren’t using any vulnerable or outdated versions of open source components in our applications. To give you a bit of a head start, here is our list of the top five new open source security vulnerabilities in February.


#1 Android bta_ag_parse_cmer of


Vulnerability Score: Critical — 9.8

Affected versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, and Android-9

Coming in at number one is this highly critical issue from an extremely popular open source project that you might have heard of.

A possible out-of-bounds write was found in bta_ag_parse_cmer of in Android, due to a missing bounds check. This could lead to a Remote Code Execution attack.

According to Android’s security bulletin, a hacker could exploit ...

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson.