748 matches found
PT-2016-7751 · W3M +2 · W3M +2
Name of the Vulnerable Software and Affected Versions: w3m versions prior to 0.5.3-31 Description: An issue in w3m allows remote attackers to cause a denial of service via a crafted HTML page, specifically through out-of-bounds array access. Recommendations: For versions prior to 0.5.3-31, update...
CVE-2016-9637
An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially...
Debian DLA-644-1 : libav security update
Multiple vulnerabilities have been found in libav : CVE-2015-1872 The ffmjpegdecodesof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds...
CVE-2016-4952
QEMU aka Quick Emulator, when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds array access via vectors related to the 1 PVSCSICMDSETUPRINGS or 2 PVSCSICMDSETUPMSGRING SCSI command...
CVE-2016-4952
CVE-2016-4952 affects QEMU when built with VMWARE PVSCSI paravirtual SCSI bus emulation; it allows a local privileged guest OS user to trigger an out-of-bounds access in PVSCSI_CMD_SETUP_RINGS or PVSCSI_CMD_SETUP_MSG_RING, causing a denial of service. OpenVAS/Nessus entries in related advisories ...
CVE-2016-4952
QEMU aka Quick Emulator, when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds array access via vectors related to the 1 PVSCSICMDSETUPRINGS or 2 PVSCSICMDSETUPMSGRING SCSI command...
Race condition
Race condition in the ecdeviceioctlxcmd function in drivers/platform/chrome/crosecdev.c in the Linux kernel before 4.7 allows local users to cause a denial of service out-of-bounds array access by changing a certain size value, aka a "double fetch" vulnerability...
CVE-2016-6156
CVE-2016-6156 is a local-denial-of-service race in the Linux kernel Chrome EC driver (ec_device_ioctl_xcmd) implemented in drivers/platform/chrome/cros_ec_dev.c. It allows a local user to trigger an out-of-bounds array access by tampering with a size value, in kernels before 4.7; a fix was applie...
CVE-2016-3855
drivers/thermal/supplylmcore.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm...
CVE-2016-3854
drivers/media/video/msm/msmmctlbuf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm internal...
CVE-2016-3855
drivers/thermal/supplylmcore.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm...
CVE-2016-3854
drivers/media/video/msm/msmmctlbuf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm internal...
CVE-2016-2330
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .tga file, related to the gifimagewriteimage, gifencodeinit, and...
CVE-2016-2327
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .avi file, related to the apngencodeframe and encodeapng...
CVE-2016-2327
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .avi file, related to the apngencodeframe and encodeapng...
CVE-2016-2328
libswscale/swscaleunscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service out-of-bounds array read access or possibly have unspecified other impact via a crafted .cine file, related to the bayertorgb24wrapper and...
Out-of-bounds
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .avi file, related to the apngencodeframe and encodeapng...
CVE-2016-2327
CVE-2016-2327 affects FFmpeg’s libavcodec/pngenc.c before 2.8.5, where incorrect line sizes in certain row calculations allow a crafted .avi file to trigger a denial of service via an out-of-bounds array access, related to the apng_encode_frame and encode_apng functions. Exploitation details are ...
CVE-2016-2330
CVE-2016-2330 affects FFmpeg up to version 2.8.5, where libavcodec/gif.c fails to calculate a buffer size correctly, enabling a remote attacker to trigger a denial of service via an out-of-bounds access with a crafted .tga file. The vulnerability is linked to the internals of GIF encoding (gif_im...
CVE-2016-2329
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted TIFF file, related to th...