draco:draco_pc_decoder_fuzzer: Heap-use-after-free in draco::Metadata::AddSubMetadata

Detailed Report: https://oss-fuzz.com/testcase?key=6326315129765888 Project: draco Fuzzing Engine: afl Fuzz Target: dracopcdecoderfuzzer Job Type: aflasandraco Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x6040000000b0 Crash State: draco::Metadata::AddSubMetadata...

draco:draco_mesh_decoder_without_dequantization_fuzzer: Crash in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c

Detailed Report: https://oss-fuzz.com/testcase?key=5680036234133504 Project: draco Fuzzing Engine: libFuzzer Fuzz Target: dracomeshdecoderwithoutdequantizationfuzzer Job Type: libfuzzerubsandraco Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x010000400000 Crash State: std::1::tree,...

draco:draco_pc_decoder_fuzzer: Heap-use-after-free in void draco::Metadata::AddEntry<std::__1::vector<unsigned char, std::__1::allocat

Detailed Report: https://oss-fuzz.com/testcase?key=5111868163883008 Project: draco Fuzzing Engine: afl Fuzz Target: dracopcdecoderfuzzer Job Type: aflasandraco Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x6040000000d8 Crash State: void...

RIOT buffer overflow vulnerability

RIOT RIOT-OS is a set of operating systems for applications in the IoT field. A buffer error vulnerability exists in the base64 decoder in RIOT version 2020.04, which stems from the program not properly checking boundaries. A remote attacker can exploit this vulnerability to execute arbitrary cod...

Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVE-2020-15350

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64decode uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64estimatedecodesize function calculates the expected decoded size...

Buffer overflow

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64decode uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64estimatedecodesize function calculates the expected decoded size...

CVE-2020-15350

The CVE-2020-15350 issue affects RIOT-OS 2020.04 where the base64_decode() path uses base64_estimate_decode_size() to allocate a buffer. The function underestimates the required decoded size due to an arithmetic round‑off and not accounting for potential padding bytes, enabling a potential buffer...

CVE-2020-15350

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64decode uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64estimatedecodesize function calculates the expected decoded size...

OSV-2020-743 Heap-buffer-overflow in uri_decoder

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23818 Crash type: Heap-buffer-overflow READ 1 Crash state: uridecoder guriunescapebytes fuzzuriescape.c...

CVE-2020-15503

CVE-2020-15503 affects LibRaw up to version 0.20-RC1. The vulnerability arises from missing thumbnail size range checks in decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp, enabling potential memory overflow (malloc(sizeof(libraw_processed_image_t)+T.tlength) wit...

OSV-2020-555 Heap-use-after-free in WelsDec::CWelsDecoder::SetOption

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18747 Crash type: Heap-use-after-free WRITE 1 Crash state: WelsDec::CWelsDecoder::SetOption decoderfuzzer.cpp WelsCommon::WelsFree...

ASB-A-142546668

In a2dpvendorldacdecoderdecodepacket of a2dpvendorldacdecoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

Basecrack - Best Decoder Tool For Base Encoding Schemes

BaseCrack is a tool written in Python that can decode all alphanumeric base encoding schemes. This tool can accept single user input, multiple inputs from a file, input from argument, multi-encoded bases and decode them incredibly fast. Decode Base16, Base32, Base36, Base58, Base62, Base64,...

OSV-2020-63 UNKNOWN READ in arrow::BaseBinaryBuilder<arrow::BinaryType>::UnsafeAppend

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20697 Crash type: UNKNOWN READ Crash state: arrow::BaseBinaryBuilder::UnsafeAppend parquet::PlainByteArrayDecoder::DecodeArrowDense parquet::PlainByteArrayDecoder::DecodeArrow...

Buffer overflow

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2020-3663

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

draco:draco_decoder_fuzzer: Crash in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c

Project: https://github.com/google/draco.git Detailed Report: https://oss-fuzz.com/testcase?key=5900700302442496 Project: draco Fuzzing Engine: libFuzzer Fuzz Target: dracodecoderfuzzer Job Type: libfuzzerubsandraco Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00007e000000 Crash...

SGN - Encoder Ported Into Go With Several Improvements

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a additive feedback loop to encode given binary instructions similar to LSFR. This project is the reimplementation of the original Shikata ga nai in golang with...

CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...