21 matches found
ImageMagick has stack write buffer overflow in MNG encoder
A stack buffer overflow vulnerability exists in the MNG encoder. A bounds check is missing, which could corrupt the stack with attacker-controlled data. ==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp...
CVE-2025-58150 x86: buffer overrun with shadow paging + tracing
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2026-22853 FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerabilit...
CVE-2025-55085
In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
UBUNTU-CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-54878
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
MediaTek Chipsets buffer error vulnerability
MediaTek Chipsets are a variety of chips from China's MediaTek Corporation (MediaTek). A buffer error vulnerability exists in MediaTek Chipsets, which stems from the V5 DA module containing a missing bounds-checking issue that could lead to out-of-bounds writes...
CVE-2024-41595
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations...
CVE-2023-21169
In inviteInternal of p2piface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
UNISOC Chipsets buffer error vulnerability
UNISOC Chipsets is a chipset from China's Unisplendour (UNISOC). A security vulnerability exists in the UNISOC Chipsets ext4fsfilter driver module, which stems from a lack of bounds checking, leading to out-of-bounds reads...
Qualcomm chip buffer error vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is often fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stems...
MediaTek chip buffer error vulnerability
MediaTek Chipsets are a variety of chips from MediaTek, a Chinese company. A buffer error vulnerability exists in MediaTek Chipsets that stems from a lack of bounds checking in the gpu drm, which could result in a stack overflow, which could lead to a local privilege escalation that...
UNISOC chipset buffer error vulnerability
The UNISOC chipset is an integrated circuit chipset from China's Ziguang Zhanrui (UNISOC). A security vulnerability exists in the UNISOC chipset, which stems from a lack of bounds checking in the wlan driver, which could lead to a local denial of service in the wlan service...
ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string
The ntfs-3g package is susceptible to a heap overflow on crafted Unicode input. When processing NTFS Unicode input, proper bounds checking was not enforced, leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2020-36435
An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks...
CVE-2021-3588
The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...
DEBIAN-CVE-2019-15166
lmpprintdatalinksubobjs in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks...
UBUNTU-CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...
Null pointer dereference
In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1...