DEBIAN-CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete and should only be used for development and testing purposes.

...

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. This number is duplicated with CNNVD-201908-1067, the related content has been removed, please refer to the information of CNNVD-201908-1067...

OSV-2021-955 Stack-buffer-overflow in Buffer_AppendIndentUnchecked

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 Crash type: Stack-buffer-overflow WRITE 1 Crash state: BufferAppendIndentUnchecked encode encode...

UBUNTU-CVE-2021-28879

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...

DEBIAN-CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

AZL-79110 CVE-2021-3114 affecting package golang 1.25.7-1

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field...

CVE-2020-15570

The parsereport function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file...

UBUNTU-CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

AZL-44877 CVE-2020-14040 affecting package buildah for versions less than 1.41.4-2

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

DEBIAN-CVE-2019-20421

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

DEBIAN-CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...

CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...

AZL-6326 CVE-2019-6470 affecting package bind for versions less than 9.16.15-3

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...

ALPINE-CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...

CVE-2019-6470

CVE-2019-6470 concerns a use-after-free/crash in DHCPv6 when ISC BIND libraries are mismatched with dhcpd. The described root cause is a bug in a BIND library function used by dhcpd, with the library bug preventing normal operation and a crash potential when vendors differ in package versions. Af...

Google Android Information Disclosure Vulnerability (CNVD-2019-36437)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in libxaac in Google Android 10. The vulnerability stems from the presence of uninitialized data. An attacker could...

UBUNTU-CVE-2019-14734

AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load in mtk.cpp...

CVE-2019-14292

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1...

UBUNTU-CVE-2019-8398

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5Tgetsize in H5T.c...