226 matches found
Use after free in image
Affected versions of this crate would call Vec::set_len on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...
CVE-2021-34379
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption...
The vulnerability of the elf_end function in the libelf library, a set of utilities for processing ELF objects, relates to the issue of allowing the output operation to be within acceptable data buffer limits. This vulnerability allows an attacker to cause a service failure.
The vulnerability of the elf_end function in the libelf library is related to improper closure of the ar file. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...
CVE-2019-14066
Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
CVE-2019-14066
CVE-2019-14066 describes an integer overflow in calculating the estimated output buffer size when retrieving a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Qualcomm Snapdragon ecosystems (e.g., Kamorta, MDM9205/9607, Nicobar, QCS404/405, Rennell, SA6155P, SC7180/...
CVE-2019-10588
Copying RTCP messages into the output buffer without checking the destination buffer size could lead to a remote stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrago...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
UBUNTU-CVE-2019-17113
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow...
ALPINE-CVE-2019-11922
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used...
CVE-2019-5600
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the...
Windows Kernel 64-bit stack memory disclosure in NtQueryInformationThread (ThreadBasicInformation) (CVE-2018-0895)
We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The specific layout of the...
Microsoft Windows - nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues) Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationProcess information class 76 QueryProcessEnergyValues Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationProcess system call invoked with the 76 information class discloses portions of uninitialized kernel stack memory to...
MGASA-2018-0053 Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability (CVE-2016-8339)
Summary: An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...
Oracle Linux 7 : freeradius (ELSA-2017-2389)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2389 advisory. - Related: Bug1469414 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax - Resolves: Bug1469409 CVE-2017-10978 freeradius: Out-of-bounds...
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation
Exploit for Windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=880 The \\.\UVMLiteController device is created by the nvlddmkm.sys driver, and can be opened by any user. The driver handles various control codes for this device, but there...
DEBIAN-CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG S...
CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG S...