UBUNTU-CVE-2017-17790

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

libbpg VideoLAN x265 Denial of Service Vulnerability

libbpg is a new image format library. videoLAN x265 is one of the H.265 video format libraries. A denial of service vulnerability exists in the 'CUData::initialize' function in the common/cudata.cpp file of VideoLAN x265 in libbpg version 0.9.7 and other products, which stems from the program...

CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

Null pointer dereference

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

UBUNTU-CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

DEBIAN-CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

CVE-2017-13135

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...

colorscore Command Injection vulnerability

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the 1 imagepath, 2 colors, or 3 depth variable...

The vulnerability of the Fiddle::Function.new “initialize” method in the Ruby interpreter allows a hacker to cause a service failure.

The vulnerability of the Fiddle::Function.new “initialize” method in the Ruby interpreter arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or overflow the buffer due to changes in...

gdal: Heap-buffer-overflow in DDFFieldDefn::Initialize

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5536723368935424 Project: gdal Fuzzer: libFuzzergdalogrfuzzer Fuzz target binary: ogrfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

Security update for ruby2.1 (important)

This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...

PT-2017-17958 · Freetype +1 · Freetype +1

Name of the Vulnerable Software and Affected Versions: FreeType 2 versions prior to 2017-03-08 Description: The issue is caused by a heap-based buffer overflow related to the TT Get MM Var function in truetype/ttgxvar.c and the sfnt init face function in sfnt/sfobjs.c, resulting in an out-of-boun...

UBUNTU-CVE-2017-6827

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file...

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

UBUNTU-CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

PT-2017-2445 · Ruby +2 · Ruby +2

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: A heap overflow issue exists in the Fiddle::Function.new "initialize" function functionality of Ruby. The heap buffer "arg types" allocation is made based on the args array length. A specially...

ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution

It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...

ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution

It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...