2521 matches found
Medium: ImageMagick
Issue Overview: A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to sizet in svg, mvg and other coders. CVE-2023-34151 Affected Packages: ImageMagick Issue Correction: Run dnf update ImageMagick --releasever 2023.1.20230825 or dnf update...
electionToTimestamp() might return incorrect timestamps depending on the day of the first election
Lines of code Vulnerability details Bug Description For nominee elections, election dates are determined using the the electionToTimestamp function in the SecurityCouncilNomineeElectionGovernorTiming module. When SecurityCouncilNomineeElectionGovernor is initialized after deployment, the first...
GHSA-F9G6-FP84-FV92 impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...
CLSA-2023-1689259028 Fix CVE(s): CVE-2022-37452, CVE-2022-32546, CVE-2023-34151
SECURITY UPDATE: undefined behaviors of casting double to sizet in svg, mvg and other coders recurring bugs of CVE-2022-32546 - debian/patches/CVE-2023-34151.patch: properly cast double to sizet - CVE-2022-37452...
Null pointer dereference
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
CVE-2023-2908 Libtiff: null pointer dereference in tif_dir.c
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
CVE-2023-2908 Libtiff: null pointer dereference in tif_dir.c
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
RUSTSEC-2023-0047 impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...
Lack of input validation
Lines of code Vulnerability details Impact There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable. Proof of Concept After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it,...
GHSA-G753-GHR7-Q33W cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function...
GHSA-WFG4-322G-9VQV memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...
memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...
RUSTSEC-2023-0045 memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...
memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...
CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
Code injection
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
OESA-2023-1347 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...