CVE-2019-9720

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf...

CVE-2019-9719

Libav 12.3 contains a stack-based buffer overflow in the subtitle decoder (srt_to_ass in libavcodec/srtdec.c) triggered by crafted Matroska video files; the issue stems from misusing snprintf. Multiple sources (Red Hat, SUSE, Ubuntu, OSV, and others) describe a vulnerability with claims of disput...

PT-2019-19819 · FFmpeg · Libav

Name of the Vulnerable Software and Affected Versions: Libav version 12.3 Description: A stack-based buffer overflow issue exists in the subtitle decoder of Libav, potentially allowing attackers to corrupt the stack via a crafted video file in Matroska format. This issue arises from the misuse of...

QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

CVE-2019-13129

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

CVE-2019-13129

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

Design/Logic Flaw

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

CVE-2019-13129

Summary: CVE-2019-13129 affects the Motorola CX2L MWR04L router (version 1.01). The issue is a stack consumption/infinite recursion in the scopd process reachable over TCP port 8010 and UDP port 8080, caused by improper length handling in snprintf. This can lead to denial of service through resou...

CVE-2019-13129

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

Information disclosure

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

CVE-2019-9824

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

CVE-2019-9824

CVE-2019-9824 affects QEMU (slirp: tcp_subr.c) where uninitialized data in snprintf leads to information disclosure. The issue is observed in SLIRP/tcp_emu usage within QEMU 3.0.0. Connected advisories consistently reference QEMU/libslirp components and recommend updating to patched releases; how...

CVE-2019-9824

tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...

JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()

In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...

Information Disclosure

miniupnpc-vc140 is vulnerable to information disclosure. Failure to validate a return value obj-tosend from snprintf allows a user to send a value larger than the buffer's length to cause a heap memory leak...

UBUNTU-CVE-2019-12107

The upnpeventprepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value...

DEBIAN-CVE-2019-12107

The upnpeventprepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value...