Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)
Impact
An attacker could cause a denial of service (DoS) or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transfer Protocol (TFTP) server and set the blksize (block size) option to a value below 504 (the default value is 512). Setting a block size smaller than the default should be rare, as the primary use case for changing the block size is to make it larger.
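
The Python check below is an added example, not part of the original advisory or the curl project. It flags the two conditions described above: a curl build in the 7.19.4 to 7.65.3 range with TFTP support, and a command line that sets `--tftp-blksize` below 504. The sample `curl --version` text and command lines are constructed, the helper names are hypothetical, and a version match alone does not account for vendor-backported fixes.

```python
import re
import shlex

AFFECTED_MIN = (7, 19, 4)  # first affected release, per the advisory
AFFECTED_MAX = (7, 65, 3)  # last affected release, per the advisory
SAFE_BLKSIZE = 504         # advisory: block sizes below this are the risky setting

# Constructed sample input, shaped like `curl --version` output.
SAMPLE_VERSION = (
    "curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1\n"
    "Protocols: dict file ftp ftps http https tftp\n"
)
# Constructed command lines; 192.0.2.10 is a documentation address.
SAMPLE_COMMANDS = [
    "curl --tftp-blksize 128 tftp://192.0.2.10/fw.bin -o fw.bin",
    "curl --tftp-blksize 1024 tftp://192.0.2.10/fw.bin -o fw.bin",
    "curl tftp://192.0.2.10/fw.bin -o fw.bin",
]


def parse_curl_version(version_output):
    """Return ((major, minor, patch), has_tftp) from `curl --version` text."""
    m = re.search(r"^curl (\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if not m:
        raise ValueError("no curl version line found")
    protocols = re.search(r"^Protocols:(.*)$", version_output, re.M)
    has_tftp = bool(protocols) and "tftp" in protocols.group(1).split()
    return tuple(int(x) for x in m.groups()), has_tftp


def version_affected(version):
    """True if the version tuple lies in the advisory's affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def small_blksize(command_line):
    """Return the --tftp-blksize value if it is below 504, else None."""
    args = shlex.split(command_line)
    for i, arg in enumerate(args[:-1]):
        if arg == "--tftp-blksize" and args[i + 1].isdigit():
            value = int(args[i + 1])
            return value if value < SAFE_BLKSIZE else None
    return None  # option absent: curl uses the 512-byte default


def exposed(version_output, command_line):
    """True when both conditions from the advisory hold for this invocation."""
    version, has_tftp = parse_curl_version(version_output)
    blk = small_blksize(command_line)
    return version_affected(version) and has_tftp and blk is not None
```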