WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check

/ While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc on macOS: / // Run with --thresholdForFTLOptimizeAfterWarmUp=1000 // First array probably required to avoi...

WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Exploit

WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check / While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release...

EulerOS 2.0 SP5 : spice (EulerOS-SA-2019-1075)

According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c CVE-2019-3813 Note that Tenable Network Security has extracted the preceding...

CentOS 7 : spice (CESA-2019:0231)

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

spice security update

CentOS Errata and Security Advisory CESA-2019:0231 An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : spice-server on SL6.x x86_64 (20190131)

Security Fixes : - spice: Off-by-one error in array access in spice/server/memslot.c CVE-2019-3813 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid121535; scriptversion"1.5";...

Scientific Linux Security Update : spice on SL7.x x86_64 (20190131)

Security Fixes : - spice: Off-by-one error in array access in spice/server/memslot.c CVE-2019-3813 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid121534; scriptversion"1.5";...

RHEL 6 : spice-server (RHSA-2019:0232)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0232 advisory. The Simple Protocol for Independent Computing Environments SPICE is a remote display protocol for virtual environments. SPICE users can access a...

CVE-2019-6985

An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array acces...

CVE-2019-6985

CVE-2019-6985 affects Foxit 3D Plugin Beta prior to 9.4.0.16807 for Foxit Reader/PhantomPDF. The issue is an out-of-bounds read in Indexing or a heap overflow caused by an array access violation when handling PDF files that embed crafted 3D content, leading to a crash. No exploitation details are...

SUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2018:2305-1)

This update for ffmpeg fixes the following issues: Security issues fixed : - CVE-2018-13302: Fixed out of array access issue bsc1100356. - CVE-2018-1999010: Fixed multiple out of array access vulnerabilities in the mms protocol that could result in accessing out of bound data via specially crafte...

Input validation

Out-of-bounds array access in dhdrxframe in drivers/net/wireless/bcmdhd4358/dhdlinux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker who has obtained code execution on the Wi-Fi chip to cause invalid accesses to operating system memory due to...

CVE-2018-14852

Out-of-bounds array access in dhdrxframe in drivers/net/wireless/bcmdhd4358/dhdlinux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker who has obtained code execution on the Wi-Fi chip to cause invalid accesses to operating system memory due to...

CVE-2018-19755

There is an illegal address access at asm/preproc.c function: ismmacro in Netwide Assembler NASM 2.14rc16 that will cause a denial of service out-of-bounds array access because a certain conversion can result in a negative integer...

Design/Logic Flaw

There is an illegal address access at asm/preproc.c function: ismmacro in Netwide Assembler NASM 2.14rc16 that will cause a denial of service out-of-bounds array access because a certain conversion can result in a negative integer...

CVE-2018-19755

There is an illegal address access at asm/preproc.c function: ismmacro in Netwide Assembler NASM 2.14rc16 that will cause a denial of service out-of-bounds array access because a certain conversion can result in a negative integer...

CVE-2018-19755

There is an illegal address access at asm/preproc.c function: ismmacro in Netwide Assembler NASM 2.14rc16 that will cause a denial of service out-of-bounds array access because a certain conversion can result in a negative integer...

SUSE-SU-2018:2305-1 Security update for ffmpeg

This update for ffmpeg fixes the following issues: Security issues fixed: - CVE-2018-13302: Fixed out of array access issue bsc1100356. - CVE-2018-1999010: Fixed multiple out of array access vulnerabilities in the mms protocol that could result in accessing out of bound data via specially crafted...

CVE-2018-1999010

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...

Design/Logic Flaw

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...