Debian DLA-1899-1 : faad2 security update

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder : CVE-2018-19502 Heap buffer overflow in the function excludedchannels libfaad/syntax.c. This vulnerability might allow remote attackers to cause denial of service via crafted MPEG AAC data. CVE-2018-20196...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in strncpy

Detailed Report: https://oss-fuzz.com/testcase?key=5633780185825280 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f89f7151530 Crash State: strncpy...

Debian: Security Advisory (DLA-1893-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1893-1 : cups security update

Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other one in asn1getpacked. For Debian 8 'Jessie', these problems have been fixed i...

[SECURITY] [DLA 1893-1] cups security update

Package : cups Version : 1.7.5-11+deb8u5 CVE ID : CVE-2019-8675 CVE-2019-8696 Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other...

Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in modproxy when proxying is enabled and Proxy Error page is displayed. CVE-2019-10092 - An...

Oracle Linux 8 : redis:5 (ELSA-2019-2002)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2002 advisory. - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 Tenable has extracted the preceding description block directly...

redis:5 security update

5.0.3-2 - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 - fix Stack buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10193...

Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...

MGASA-2019-0226 Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...

Valve: [GoldSrc] Remote Code Execution using malicious WAD list in BSP file

Summary TEXInitFromWad function calls COMFileBase to get file name from a path into a buffer on the stack. Since COMFileBase does not have boundary checks and the buffer is small, long WAD file name can trigger a Stack Buffer Overflow, leading to arbitrary code execution. Steps to reproduce...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

Stack overflow

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in strncpy

Detailed Report: https://oss-fuzz.com/testcase?key=5131488567230464 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f152a437530 Crash State: strncpy...

zstd:simple_decompress: Stack-buffer-overflow in ZSTD_decodeLiteralsBlock

Project: https://github.com/facebook/zstd.git Detailed Report: https://oss-fuzz.com/testcase?key=5640730759921664 Project: zstd Fuzzing Engine: libFuzzer Fuzz Target: simpledecompress Job Type: libfuzzerasanzstd Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address:...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2019-13221

CVE-2019-13221 affects the stb_vorbis component (stb) in the compute_codewords() path. Multiple connected advisories (e.g., openSUSE-SU-2025:0039-1 and OSV-OPENSUSE-SU-2025:0039-1) describe a stack/buffer overflow in that area and list it among the fixes for stb via updated libstb packages. The v...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

[SECURITY] [DLA 1884-1] linux security update

Package : linux Version : 3.16.72-1 CVE ID : CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...