An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

...

ALPINE-CVE-2016-7167

Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

CVE-2014-9671

Off-by-one error in the pcfgetproperties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted PCF file with a 0xffffffff size value that is improperly incremented...

UBUNTU-CVE-2014-9671

Off-by-one error in the pcfgetproperties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted PCF file with a 0xffffffff size value that is improperly incremented...

Integer overflow

Integer overflow in the zipreadentry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow...

PHP Zip_Entry_Read()整数溢出漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP zipreadentry函数存在整数溢出问题，远程攻击者可利用此漏洞以应用程序权限执行任意指令。 zipreadentry函数没有对提供的长度参数进行任何检查，因此当增加一个字节到终止ASCIIZ字符时会在内存分配时出现整数溢出： buf = emalloclen + 1; ret = zzipreadentry-fp, buf, len; bufret = 0; 当提供的长度为0xffffffff，分配内存块会变成0字节大小。而之后会从ZIP档中读取4GB数据到内存块，造成覆盖分配的内存数据可能导致任意指令执行。 PHP PHP...