seebug.org · added 2017/10/13 12:00 a.m. · 33 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability(CVE-2016-4291)

This vulnerability was discovered in the Hangul HShow application, which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular office suites used in South Korea. When opening a Hangul HShow document (.hpt) and...

CVSS 6.8 · AI score 8.1 · EPSS 0.00429
Exploits 2
OSV · added 2017/09/21 3:29 p.m. · 0 views

UBUNTU-CVE-2017-9725

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to a wrong data type for the size, the allocation size gets truncated, which makes the allocation succeed when it should fail...

CVSS 7.8 · AI score 6.6 · EPSS 0.00184
Exploits 0 · References 7
CVE · added 2017/09/21 3:00 p.m. · 141 views

CVE-2017-9725

CVE-2017-9725 affects Qualcomm CAF Android builds using the Linux kernel. Root cause: during DMA allocation, a wrong data type of size truncates the allocation size, causing it to succeed when it should fail. This yields a high-severity issue (local access, low attack complexity) as reflected in ...

CVSS 9.3 · AI score 8 · EPSS 0.00184
Exploits 0 · References 6 · Affected software 1
Veracode · added 2017/08/23 1:09 a.m. · 18 views

Denial Of Service (DoS) Through Memory Leaks

ImageMagick is susceptible to denial of service (DoS) through memory leaks. The vulnerability is caused by the library not properly handling memory allocation in the WriteOneJNGImage function in coders/png.c, leading to a memory leak that could consume all of the application's memory...

CVSS 6.5 · AI score 7.1 · EPSS 0.00458
Exploits 0 · References 4 · Affected software 1
NVD · added 2017/06/28 6:29 a.m. · 16 views

CVE-2017-9445

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

CVSS 7.5 · AI score 7.6 · EPSS 0.0133
Exploits 1 · References 4
Cvelist · added 2017/06/28 6:00 a.m. · 31 views

CVE-2017-9445

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

AI score 7.6 · EPSS 0.0133
Exploits 1 · References 4
seebug.org · added 2017/05/27 12:00 a.m. · 62 views

Apple iOS / MacOS Domain Socket Kernel Use-After-Free(CVE-2017-2501)

iOS/macOS kernel use-after-free due to bad locking in unix domain socket file descriptor externalization. unp_externalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which...

CVSS 7.6 · AI score 8.3 · EPSS 0.02057
Exploits 3
exploitpack · added 2017/05/09 12:00 a.m. · 27 views

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflow

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1124 There are multiple paths in mkvparser::Block::Block... that result in heap buffer overflows. See attached for sample files that trigger the overflow conditions - thes...

AI score 0.8
Exploits 0
myhack58 · added 2017/05/01 12:00 a.m. · 393 views

Based on jemalloc Android exploit skills----CENSUS-bug warning-the black bar safety net

Background: jemalloc-related research. In 2012 argp and huku published in Phrack on the jemalloc memory allocator, with a separate proof of concept based on FreeBSD libc. At BlackHat 2012 argp and huku presented on corrupting jemalloc metadata in Firefox. At INFILTRATE 2015 argp presented on jemalloc exploit...

CVSS 10 · AI score 6.2 · EPSS 0.90266
Exploits 6
Exploit DB · added 2017/04/20 12:00 a.m. · 36 views

Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1136 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter, which is a non-standard configuration. It permits the guest kernel to write up to 4GB of controlled data out of bounds in the trusted userla...

AI score 7.4
Exploits 0
seebug.org · added 2017/04/04 12:00 a.m. · 53 views

MacOS/iOS kernel uaf due to bad locking in necp_open (CVE-2017-2478)

necp_open is a syscall used to obtain a new necp file descriptor. The necp file's fp's fg_data points to a struct necp_fd_data allocated on the heap. Here's the relevant code from necp_open: error = falloc(p, &fp, &fd, vfs_context_current()); // (a) if (error != 0) goto done; if ((fd_data =...

CVSS 7.6 · AI score 8.5 · EPSS 0.03475
Exploits 2
Tenable Nessus · added 2017/03/27 12:00 a.m. · 23 views

Virtuozzo 6 : libvzctl / parallels-kernel-modules / etc (VZA-2017-005)

According to the versions of the libvzctl / parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the way prl-vzvncserver parsed terminal escape sequences that could allow a remote attacker...

AI score 6.2
Exploits 0 · References 1
myhack58 · added 2017/03/01 12:00 a.m. · 37 views

Windows exploit development tutorial series: heap spray, part 1 (vulnerability warning, the black bar safety net)

Foreword: Welcome to the first part of the heap spray tutorial. Part I introduces the typical heap spray technique under IE; the second part will cover precise spraying and UAF vulnerabilities under IE8. It is worth mentioning that heap spraying is just a payload delivery...

AI score 8
Exploits 0
OSV · added 2017/01/30 9:59 p.m. · 16 views

CVE-2016-9939

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library allocates a memory block based on the length field of the ASN.1 object. If there are not enough content octets in the ASN.1 object, the function fails and the memory block will b...

CVSS 7.5 · AI score 6.6
Exploits 0 · References 4
Debian CVE · added 2017/01/30 9:00 p.m. · 19 views

CVE-2016-9939

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library allocates a memory block based on the length field of the ASN.1 object. If there are not enough content octets in the ASN.1 object, the function fails and the memory block will b...

CVSS 7.5 · AI score 7.6 · EPSS 0.05919
Exploits 0
UbuntuCve · added 2017/01/11 12:00 a.m. · 22 views

CVE-2017-5340

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of an arbitrary destructor function...

CVSS 9.8 · AI score 7.5 · EPSS 0.05169
Exploits 2 · References 2
Prion · added 2017/01/06 9:59 p.m. · 17 views

Heap overflow

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" functionality of Ruby. In Fiddle::Function.new "initialize", the heap buffer "argtypes" is allocated based on the args array length. A specially constructed object passed as an element of the args array can...

CVSS 7.5 · AI score 7.3 · EPSS 0.00831
Exploits 2 · References 3 · Affected software 1
Cvelist · added 2017/01/06 9:00 p.m. · 35 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" functionality of Ruby. In Fiddle::Function.new "initialize", the heap buffer "argtypes" is allocated based on the args array length. A specially constructed object passed as an element of the args array can...

AI score 7.7 · EPSS 0.00831
Exploits 2 · References 3
OSV · added 2016/12/13 12:00 a.m. · 0 views

UBUNTU-CVE-2016-9894

A buffer overflow in SkiaGL caused when a GrGLBuffer is truncated during allocation. Later writes will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox 50.1...

CVSS 7.5 · AI score 7.4 · EPSS 0.01889
Exploits 0 · References 4
Tenable Nessus · added 2016/11/07 12:00 a.m. · 50 views

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, a URL transfer library: - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

CVSS 9.8 · AI score 7.3 · EPSS 0.04507
Exploits 0 · References 22