ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2022-29458

A segmentation fault vulnerability was found in ncurses's convertstrings function of tinfo/readentry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error...

CVE-2022-1056

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd...

CLSA-2022-1648136371 Fix of CVE: CVE-2022-22721, CVE-2022-23943, CVE-2022-22719, CVE-2022-22720

CVE-2022-22719: modlua: error out if luareadbody or luawritebody fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: modsed: use sizet to allow for larger...

CVE-2022-0924

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4...

ROS-20220310-01

PJSIP multimedia communication library vulnerability is related to a boundary error in the PJSUA API during the pjsuaplaylistcreate call. Exploitation of the vulnerability could allow an attacker acting remotely, cause a stack buffer overflow and execute arbitrary code on the target system The...

CVE-2021-24043

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a...

vim 缓冲区错误漏洞

Vim is an editor for UNIX-based platforms. A buffer error vulnerability exists in vim that stems from reading out of bounds in vim prior to 8.2...

Foxit PDF Reader for Mac < 11.1.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Reader for Mac application previously named Foxit Reader for Mac installed on the remote macOS host is prior to 11.1.1. It is, therefore affected by multiple vulnerabilities: - An out-of-bounds read error exists in Foxit PDF Reader for Mac due to the...

Foxit PDF Editor for Mac < 11.1.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 11.1.1. It is, therefore affected by multiple vulnerabilities: - An out-of-bounds read error exists in Foxit PDF Editor for Mac due to the...

Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-07642)

Adobe Illustrator is a set of vector-based image creation software from the American company Odobi Adobe. A buffer overflow vulnerability exists in Adobe?Illustrator. An attacker could use this vulnerability to trick a victim into opening a carefully constructed file, triggering an out-of-bounds...

ROS-2-2005

2.2005 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 Vulnerability in the Exim message forwarding agent, related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

PYSEC-2021-404

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

Tenable SecurityCenter OpenSSL < 1.1.1l Multiple Vulnerabilities (TNS-2021-16)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is missing the security patch SC-202109.1, therefore affected by multiple vulnerabilities as referenced in the 1.1.1l advisory: - A heap-based buffer overflow condition exists due to the...

HCC Embedded InterNiche Technologies NicheStack Input Validation Error Vulnerability

InterNiche Technologies NicheStack is a small footprint, RFC-compliant embedded stack that is portable to commercial or proprietary non-MMU operating systems. InterNiche Technologies NicheStack suffers from an input validation error vulnerability that stems from a boundary condition in the ICMP...

Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102843)

Apple macOS Big Sur is a mobile application app from Apple, Inc. Apple macOS Big Sur is vulnerable to a buffer overflow vulnerability that could be exploited by remote attackers to create a specially crafted font file and trick victims into opening it, triggering an out-of-bounds read error and...

Modesty Pdf2json 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. PDF2JSON DCTStream::readHuffSym suffers from a denial of service vulnerability. The vulnerability stems from an invalid read of size 2. An attacker could exploit this...

SUSE-SU-2021:2180-1 Security update for libsolv

This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodataschema2id bsc1161510 - CVE-2021-3200: testcaseread: error out if repos are added or the system is changed too late bsc1186229 Other issues fixed: - backport support f...

Information Disclosure

exim4 is vulnerable to information disclosure. The vulnerability exists due to a boundary condition in smtpsetupmsg function. A remote attacker can send specially crafted message to the system, trigger out-of-bounds read error and read contents of memory on the system...

Adobe FrameMaker 2019 <= 15.0.8 (2019.0.8) / Adobe FrameMaker 2020 <= 16.0.1 (2020.0.1) Arbitrary Code Execution (APSB21-14)

The version of Adobe FrameMaker installed on the remote Windows host is prior or equal to Adobe FrameMaker 2019 15.0.8 / Adobe FrameMaker 2020 16.0.1. It is, therefore, affected by a vulnerability as referenced in the apsb21-14 advisory. - Adobe Framemaker version 2020.0.1 and earlier is affected...