PT-2022-23530 · Xhyve · Xhyve

Name of the Vulnerable Software and Affected Versions: xhyve version dfbe09b Description: The issue is related to a NULL pointer dereference via the vi pci write component. This allows attackers to cause a Denial of Service via unspecified vectors. Recommendations: For xhyve version dfbe09b,...

PT-2022-22484 · Pngdec · Pngdec

Name of the Vulnerable Software and Affected Versions: PNGDec version prior to the version that includes the fix for the issue in commit 8abf6be Description: A heap buffer overflow issue was discovered in PNGDec via the interceptor fwrite.part.57 function at sanitizer common interceptors.inc...

AZL-45270 CVE-2022-31650 affecting package sox 14.4.2.0-34

In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in aiff.c in libsox.a...

Silicon Graphics LibTIFF 缓冲区错误漏洞

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains some command line tools for working with TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF that originates from an invalid memor...

OSV-2021-1779 Heap-use-after-free in Segment::write

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42996 Crash type: Heap-use-after-free READ 1 Crash state: Segment::write Doublewrite::writepages Doublewrite::flushtodisk...

PT-2021-17965

Name of the Vulnerable Software and Affected Versions: Deark versions prior to 1.5.8 Description: The issue arises from a specially crafted input file that can cause a NULL pointer dereference in the dbuf write function, located in src/deark-dbuf.c. Recommendations: For versions prior to 1.5.8,...

CVE-2021-0377

In DeltaPerformer::Write of deltaperformer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Libgcrypt Buffer Error Vulnerability

Libgcrypt is a general-purpose cryptographic library developed by the GNU Project developed by the Gnu Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. Libgcrypt before...

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...

Information Disclosure

undertow-core is vulnerable to information disclosure. The library does not properly flush the bytebuffer after handling response requests after the write function is called. The flushing function then proceeds to write out the contents of the writevBuffer which could contain sensitive informatio...

DEBIAN-CVE-2017-18185

An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the PlBuffer::write function in PlBuffer.cc. It is caused by an integer overflow in the PNG filter...

CVE-2017-18185

An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the PlBuffer::write function in PlBuffer.cc. It is caused by an integer overflow in the PNG filter...

PoDoFo Denial of Service Vulnerability (CNVD-2018-03971)

PoDoFo is an open source , written in C++ using the PDF file format library . A denial of service vulnerability exists in the 'PdfMemoryOutputStream::Write' function in the base/PdfOutputStream.cpp file in PoDoFo version 0.9.5, which stems from a program that does not properly validate the 'memcp...

CVE-2018-5308

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function base/PdfOutputStream.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

CVE-2018-5308

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function base/PdfOutputStream.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

CVE-2017-12953

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted gig file...

CVE-2016-9637

The 1 ioportread and 2 ioportwrite functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access...

PT-2016-3103 · Imagemagick +2 · Imagemagick +2

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: The issue is related to the ReadGROUP4Image function in coders/tiff.c, which does not properly handle errors. This can be exploited by a remote attacker to cause a denial of service,...

Xxe

The cpuphysicalmemorywriterominternal function in exec.c in QEMU aka Quick Emulator does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service guest crash via unspecified vectors...

By means of DynELF achieved without libc exploit summary-vulnerability warning-the black bar safety net

In the absence of the target system libc file of the case, we can use pwntools the DynELF module to leak address information, thereby acquiring to shell. This article for linux puts and write, respectively, shows the implementation of the DynELF key function of the leak method, and by a 3-CTF top...