186 matches found
CVE-2019-7698
An issue was discovered in AP4Array::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095...
CVE-2019-7148
An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...
CVE-2019-7148
An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...
libIEC61850 Resource Management Error Vulnerability (CNVD-2019-43852)
libIEC61850 is an open source library for IEC 61850. A security vulnerability exists in Memorymalloc and Memorycalloc in the hal/memory/libmemory.c file in libIEC61850 version 1.3.1. An attacker can exploit this vulnerability to cause a denial of service memory leak...
CVE-2018-16865
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash...
Bento4 Excessive Memory Allocation Vulnerability (CNVD-2019-07053)
Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. An excessive memory allocation vulnerability in the AP4DataBuffer class in Bento4 1.5.1-627 when called from AP4HvccAtom::Create in Core/Ap4HvccAtom.cpp can be exploited by an attacker to cause a denial of service...
Critical: java-1.8.0-openjdk
Issue Overview: Unbounded memory allocation during deserialization in Container AWT, 8189989 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161...
CVE-2018-10114
An issue was discovered in GEGL through 0.3.32. The geglbufferiteratereadsimple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service write access violation or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions ...
EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java...
Integer overflow
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash via vectors related to array allocation...
OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2017-14988
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe tha...
USN-3422-1 linux vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that the asynchronous I/O aio...
CVE-2017-13147
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value...
CVE-2017-9778
GNU Debugger GDB 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
The vulnerability of the Firefox OS operating system allows a hacker to trigger a service failure.
The vulnerability of the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the Firefox OS operating system is related to buffer overflows caused by integer overflows. Exploiting this vulnerability could allow a malicious actor to cause service failures by setting the buffer size...
CVE-2013-4933
The netmonopen function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service application crash via a crafted packet-trace file...
CVE-2013-3134
CVE-2013-3134 is a remote code execution vulnerability in the Common Language Runtime (CLR) of Microsoft .NET Framework on 64-bit platforms. The issue arises from how the CLR allocates arrays of structures, permitting an attacker to craft a .NET application that alters array data to execute arbit...
CVE-2013-3134
The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array...