104 matches found
PYSEC-2021-36
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
Pillow 缓冲区错误漏洞
Pillow is a Python-based image processing library. buffer overflow vulnerability exists in versions of Pillow prior to 8.1.1, which stems from the presence of a negative offset memcpy with an invalid size in TiffDecode.c. No details of the vulnerability are currently available...
CVE-2021-252890
In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
CVE-2019-14842
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a...
DEBIAN-CVE-2017-8396
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that condu...
php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
The graphemestrpos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...
php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...
CVE-2016-4540
Removed by vendor...
CVE-2016-4541
The graphemestrpos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...
UBUNTU-CVE-2016-4540
The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...
UBUNTU-CVE-2016-4541
The graphemestrpos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...
Kaspersky Antivirus <= 6.0.1.411 UPX DoS Vulnerability
Kaspersky AntiVirus Engine 6.0.1.411 for Windows allows remote attackers to cause a denial of service CPU consumption via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be...
libfishsound: insufficient boundary checks
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...
CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...
CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...
libxine -- array index vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer...
Integer overflow
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...
CVE-2008-0986
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...