SUSE CVE-2013-1796

The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME operation, which allows guest OS users to cause a denial of service buffer overflow and host OS memory corruption or possibly have...

SUSE CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library aka glibc or libc6 2.18 and earlier allow context-dependent attackers to cause a denial of service heap corruption via a large value to the 1 pvalloc, 2 valloc, 3 posixmemalign, 4 memalign, or 5 alignedalloc functions...

SUSE CVE-2014-3716

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service crash via an unspecified field in a DTB header in a 32-bit guest kernel...

SUSE CVE-2015-5307

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by triggering many AC aka Alignment Check exceptions, related to svm.c and vmx.c...

SUSE CVE-2017-7865

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideodecodeblockopcode0xA function in libavcodec/interplayvideo.c and the avcodecaligndimensions2 function in libavcodec/utils.c...

SUSE CVE-2017-8421

The function coffsetalignmenthook in coffcode.h in Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dumprelocsinsection in objdump.c can...

SUSE CVE-2017-16890

SWFTools 0.9.2 has a divide-by-zero error in the wavconvert2mono function in lib/wav.c because the align value may be zero...

SUSE CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the zzipfetchdisktrailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

SUSE CVE-2018-6872

The elfparsenotes function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service out-of-bounds read and segmentation violation via a note with a large alignment...

SUSE CVE-2020-14399

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed...

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...

RUSTSEC-2023-0014 Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...

CLSA-2023-1675984774 Update of tzdata

Upgrade to tzdata-2022g - The northern edge of the Mexican state of Chihuahua will change time zone to agree with nearby US locations on 2022-11-30. - Added a new Zone America/CiudadJuarez that splits from America/Ojinaga. - Mexico will stop observing DST except near the US border. - Chihuahua...

CLSA-2023-1675984558 java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. That fixes following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization Serialization, 8285021 - CVE-2023-21843: Soundbank URL remote loading Sound, 8293742 - Update tzdata requirement to 2022g to match JDK-8297804 -...

PT-2023-32970 · Microsoft · Directxtex

Name of the Vulnerable Software and Affected Versions: DirectXTex versions prior to January 31, 2023 Description: A memory overwrite bug was reported in the ConvertToSinglePlane method when given an invalid height for planar video textures. This issue affects clients of the library who use the...

OESA-2023-1009 ImageMagick security update

Security Fixes: In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to...

CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This...

OpenImageIO 缓冲区错误漏洞

OpenImageIO is OpenImageIO open source an image processing library . With an easy-to-use interface and a large number of supported image formats. OpenImageIO v2.4.4.2 version of a security vulnerability , the vulnerability stems from its IFFOutput alignment padding feature allows an attacker to...

GSD-2022-1008156 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

bpf, testrun: Fix alignment problem in bpfprogtestrunskb This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...

GSD-2022-1007925 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

bpf, testrun: Fix alignment problem in bpfprogtestrunskb This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...