CVE-2021-45259

GPAC vulnerability CVE-2021-45259 affects GPAC 1.1.0, where an invalid pointer reference in the gf_svg_node_del function can cause a segmentation fault and application crash. This is documented across multiple sources (NVD entry CVE-2021-45259 and OSV/Nessus/CNVD-style references). The available ...

CVE-2021-45259

An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gfsvgnodedel function, which causes a segmentation fault and application crash...

PT-2021-24217

Name of the Vulnerable Software and Affected Versions: GNU patch version 2.7 Description: An Invalid Pointer issue exists, which causes a Denial of Service via the another hunk function. Recommendations: For GNU patch version 2.7, consider applying a patch or fix that addresses the another hunk...

GNU patch 安全漏洞

GNU patch is a set of tools used by the GNU community to generate patch files. GNU patch has a denial of service vulnerability in version 2.7, which stems from the existence of an invalid pointer to the Otherhunk function, which can be exploited to cause a denial of service...

QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udpinput function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

SUSE-SU-2021:3635-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtionetreceivercu bsc1189938, CVE-2021-3748 - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - usbredir: free call on invalid pointer in bufpalloc...

Updated libslirp packages fix security vulnerability

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU. In the bootpinput function while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory fr...

Libmobi 缓冲区错误漏洞

Libmobi is a C library . Used to handle Mobipocket/Kindle MOBI e-book format documents. An out-of-bounds read vulnerability exists in Libmobi, which stems from the program being vulnerable to the use of out-of-range pointer offsets, and can be exploited by an attacker to read memory information...

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

Design/Logic Flaw

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

CVE-2021-1947

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

GSD-2021-1001209 scsi: core: Fix bad pointer dereference when ehandler kthread is invalid

scsi: core: Fix bad pointer dereference when ehandler kthread is invalid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. - QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the...

SUSE: Security Advisory (SUSE-SU-2021:2448-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : qemu (SUSE-SU-2021:2428-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2428-1 advisory. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function...

Ubuntu 20.04 LTS : libslirp vulnerabilities (USN-5009-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5009-1 advisory. Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak...

Information Disclosure

libslirp is vulnerable to information disclosure. The vulnerability exists due to an invalid pointer initialization...

QEMU Invalid Pointer Initialization Vulnerability (CNVD-2021-45768)

QEMU is a suite of analog processor software. A security vulnerability exists in QEMU that stems from the function udp6input using memory outside of the working mbuf buffer when processing udp packets from incoming guests that are smaller than the size of the udphdr structure. An attacker could...