332 matches found
libvncserver: websocket decoding buffer overflow
A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as we...
PAC Bypass Due To Unprotected Function Pointer Imports Exploit
PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers as well as some data pointers at runtime. However, it seems that imports of function pointers from shared libraries in...
libvncserver: websocket decoding buffer overflow
A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as we...
libvncserver: websocket decoding buffer overflow
A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as we...
SUSE-SU-2020:1873-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution bsc1173477...
grok:grk_decompress_fuzzer: Incorrect-function-pointer-type in grk_read_header
Detailed Report: https://oss-fuzz.com/testcase?key=6269912481005568 Project: grok Fuzzing Engine: libFuzzer Fuzz Target: grkdecompressfuzzer Job Type: libfuzzerubsangrok Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash State: grkreadheader grkdecompressfuzzer.cp...
Exploit for Type Confusion in Mozilla Firefox
SpiderMonkey - CVE-2019-11707 Bug: https://bugs.chromium.org/...
grok:grk_decompress_fuzzer: Incorrect-function-pointer-type in grk_read_header
Detailed Report: https://oss-fuzz.com/testcase?key=5709008204988416 Project: grok Fuzzing Engine: libFuzzer Fuzz Target: grkdecompressfuzzer Job Type: libfuzzerubsangrok Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash State: grkreadheader grkdecompressfuzzer.cp...
CVE-2019-10612
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure...
Stack overflow
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure...
CVE-2019-10612
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure...
DEBIAN-CVE-2019-17539
In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...
UBUNTU-CVE-2019-17539
In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...
CVE-2019-17539
In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...
CVE-2019-17539
In FFmpeg before 4.2, avcodecopen2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...
grpc/api_fuzzer: Incorrect-function-pointer-type in grpc_core::AresDnsResolver::StartResolvingLocked
Project: https://github.com/grpc/grpc.git Detailed report: https://oss-fuzz.com/testcase?key=5752853455437824 Project: grpc Fuzzer: libFuzzergrpcapifuzzer Fuzz target binary: apifuzzer Job Type: libfuzzerubsangrpc Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash...
grpc/api_fuzzer: Incorrect-function-pointer-type in grpc_core::AresDnsResolver::StartResolvingLocked
Project: https://github.com/grpc/grpc.git Detailed report: https://oss-fuzz.com/testcase?key=5635097540165632 Project: grpc Fuzzer: libFuzzergrpcapifuzzer Fuzz target binary: apifuzzer Job Type: libfuzzerubsangrpc Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash...
grpc/api_fuzzer: Incorrect-function-pointer-type in grpc_core::AresDnsResolver::StartResolvingLocked
Project: https://github.com/grpc/grpc.git Detailed report: https://oss-fuzz.com/testcase?key=5168950411788288 Project: grpc Fuzzer: libFuzzergrpcapifuzzer Fuzz target binary: apifuzzer Job Type: libfuzzerubsangrpc Platform Id: linux Crash Type: Incorrect-function-pointer-type Crash Address: Crash...
Design/Logic Flaw
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager fxpc on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
CVE-2019-6256
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmdTunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request...