CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

CVE-2022-38127

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-38126

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-38127

Removed by vendor...

CVE-2022-38126

Removed by vendor...

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

ALPINE-CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

Double free

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tifclose.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input...

CVE-2022-2520

Summary: CVE-2022-2520 affects LibTIFF 4.4.0rc1, where a sysmalloc assertion in rotateImage() (tiffcrop.c:8621) can cause a crash when processing crafted input. The connected advisories confirm additional related flaws in the same library (e.g., CVE-2022-2519, CVE-2022-2521, CVE-2022-2868, CVE-20...

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

CVE-2022-2521

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tifclose.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input...

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...

NULL Pointer Dereference

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. Dereferencing a null pointer may result in an attempted read or write from memory that is not mapped,...

OTFCC Buffer Overflow Vulnerability (CNVD-2023-12005)

OTFCC is Caryll open source a C library and utilities. It is used to parse and write OpenType font files.OTFCC version 0.10.4 contains a buffer overflow vulnerability that stems from a segmentation violation in the /release-x64/otfccdump 0x4fbbb6 file. An attacker could exploit this vulnerability...

OTFCC Buffer Overflow Vulnerability (CNVD-2024-08554)

OTFCC is Caryll open source a C library and utility programs. Used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a segmentation violation in the /release-x64/otfccdump+0x6babea file, which can be exploited by an attacker t...

OTFCC Buffer Overflow Vulnerability (CNVD-2023-12007)

OTFCC is Caryll open source a C library and utilities. It is used to parse and write OpenType font files.OTFCC version 0.10.4 contains a buffer overflow vulnerability that stems from a segmentation violation in the /release-x64/otfccdump 0x4fe954 file. An attacker could exploit this vulnerability...

OTFCC Buffer Overflow Vulnerability (CNVD-2024-08540)

OTFCC is Caryll open source a C library and utility programs. Used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a segmentation violation in the /release-x64/otfccdump+0x65f724 file, which can be exploited by an attacker t...

OTFCC Buffer Overflow Vulnerability (CNVD-2024-08536)

OTFCC is Caryll open source a C library and utility programs. Used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a segmentation violation in the /release-x64/otfccdump+0x5266a8 file, which can be exploited by an attacker t...