GNU C Library Buffer Error Vulnerability

The GNU C Library glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A buffer error vulnerability exists in the GNU C Library through 2.32, which arises from incorrect handling of an invalid EUC-KR encoded multi-byte input sequence...

CVE-2020-11209

CVE-2020-11209 concerns Qualcomm’s DSP/Hexagon components (Snapdragon) where improper authorization in the DSP process could allow unauthorized downgrade of library versions across multiple Snapdragon platforms (SD820/821/855/675/660/429/439, SD855, SD860 etc., including QCS603/605, SDA855, SA615...

expat: heap-based buffer over-read via crafted XML input

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read...

Accusoft ImageGear PNG pngread width code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...

Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)

The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or 5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability. An attacker can exploit this tricking user to click on a URL for trusted domain. Upon...

chromium-browser: Heap buffer overflow in Blink

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

libIEC61850 Resource Management Error Vulnerability (CNVD-2019-43852)

libIEC61850 is an open source library for IEC 61850. A security vulnerability exists in Memorymalloc and Memorycalloc in the hal/memory/libmemory.c file in libIEC61850 version 1.3.1. An attacker can exploit this vulnerability to cause a denial of service memory leak...

PT-2019-17974 · Libiec61850 +1 · Libiec61850 +1

Name of the Vulnerable Software and Affected Versions: libIEC61850 version 1.3.1 Description: The issue is related to memory leaks in the Memory malloc and Memory calloc functions located in hal/memory/lib memory.c, which are called from several files including mms/iso mms/common/mms value.c,...

CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...

DEBIAN-CVE-2018-20543

There is an attempted excessive memory allocation at libxsmmsparsecscreader in generatorspgemmcscreader.c in LIBXSMM 1.10 that will cause a denial of service...

CVE-2018-20536

There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF spatialreference.cpp in libLAS 1.8.1 that will cause a denial of service...

CVE-2018-17435

A heap-based buffer over-read in H5Oattrdecode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file...

UBUNTU-CVE-2018-3847

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...

PT-2018-16241 · Nasa · Cfitsio

Name of the Vulnerable Software and Affected Versions: CFITSIO library version 3.42 Description: Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality. Specially crafted images parsed via the library can cause a stack-based buffer overflow, overwriting...

PT-2017-14782 · Unknown +2 · Game-Music-Emu +2

Name of the Vulnerable Software and Affected Versions: Game Music Emu library version 0.6.1 Description: The issue is related to the Mem File Reader::read avail function in Data Reader.cpp, which does not ensure a non-negative size. This allows remote attackers to cause a denial of service,...

UBUNTU-CVE-2017-2919

An exploitable stack based buffer overflow vulnerability exists in the xlsgetfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...

AZL-34925 CVE-2017-3616 affecting package libdb for versions less than 5.3.28-7

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

CVE-2016-1000117

XSS & SQLi in HugeIT slideshow v1.0.4...

X.Org libXvMC Memory Corruption Vulnerability

X.Org libXvMC is an Xlib-based client library proprietary to the X-Video Motion Compensation API operated by the X.Org Foundation. A memory corruption vulnerability exists in X.Org libXvMC 1.0.9 and earlier versions, which can be exploited by an attacker to execute arbitrary code and cause a deni...

CVE-2016-1000146

Reflected XSS in wordpress plugin pondol-formmail v1.1...