
597 matches found

OSV
added 2020/12/26 4:15 a.m. · 2 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 1
Prion
added 2020/12/26 4:15 a.m. · 35 views

Design/Logic Flaw

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

4.3 CVSS · 7.6 AI score · 0.12054 EPSS
Exploits 1 · References 1 · Affected Software 2
CVE
added 2020/12/26 12:0 a.m. · 121 views

CVE-2020-20412

CVE-2018-5146 corresponds to an out-of-bounds memory write in libvorbis Vorbis audio processing. Documentation shows this affects libvorbis builds and was fixed upstream by updating in the 1.3.6 series (vuln exists in libvorbis before 1.3.6, as used by affected products). Root cause is insufficie...

6.5 CVSS · 7.4 AI score · 0.01028 EPSS
Exploits 1 · References 1 · Affected Software 2
Cvelist
added 2020/12/26 12:0 a.m. · 28 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

8.1 AI score · 0.01028 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2020/12/15 12:0 a.m. · 33 views

Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2019-1815)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.8 CVSS · 6.5 AI score · 0.04472 EPSS
Exploits 0 · References 8
RedhatCVE
added 2020/04/01 8:31 p.m. · 31 views

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 2 AI score · 0.01468 EPSS
Exploits 0 · References 3
CNVD
added 2020/03/16 12:0 a.m. · 1 views

Shenzhen Tencent Computer System Co., Ltd QQ Video suffers from array out-of-bounds reading vulnerability (CNVD-2020-23525)

QQ Video Player is a full-format video player relaunched by Tencent. It fully supports 3GP, MKV, MOV, AVI, FLV, MP4 and other common video file formats, supports MKV embedded subtitles and SRT and SMI plug-in subtitles, and supports multi-track switching. Shenzhen Tencent Computer...

7 AI score
Exploits 0
Zero Day Initiative
added 2019/11/11 12:0 a.m. · 29 views

Microsoft Windows vResetSurfacePalette Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS · 5.1 AI score · 0.01444 EPSS
Exploits 0 · References 1
NVD
added 2019/09/12 6:15 p.m. · 12 views

CVE-2019-11774

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 7.4 AI score · 0.00672 EPSS
Exploits 0 · References 1
Prion
added 2019/09/12 6:15 p.m. · 14 views

Design/Logic Flaw

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

5.8 CVSS · 7.3 AI score · 0.00672 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/09/12 5:25 p.m. · 137 views

CVE-2019-11774

CVE-2019-11774 affects Eclipse OMR versions prior to 0.1. The issue is in the loop versioner: when a condition is moved out of the loop and reads a field, the privatization of that field’s value may fail in the modified loop copy, allowing one value to be observed while the loop later sees a modi...

7.4 CVSS · 7.3 AI score · 0.00672 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/09/12 5:25 p.m. · 12 views

CVE-2019-11774

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 AI score · 0.00672 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/09/12 12:0 a.m. · 2 views

PT-2019-12492 · Eclipse · Eclipse Omr

Name of the Vulnerable Software and Affected Versions: Eclipse OMR versions prior to 0.1
Description: The issue arises when the loop versioner fails to privatize a value pulled out of the loop by versioning. This can occur when a condition is moved out of the loop and reads a field, resulting in...

7.4 CVSS · 7.2 AI score · 0.00672 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/09/11 3:15 p.m. · 3 views

JDK: Failure to privatize a value pulled out of the loop by versioning

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 5.9 AI score · 0.01468 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/09/03 12:27 a.m. · 6 views

JDK: Failure to privatize a value pulled out of the loop by versioning

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 5.9 AI score · 0.01468 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/09/02 7:46 a.m. · 3 views

JDK: Failure to privatize a value pulled out of the loop by versioning

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 5.9 AI score · 0.01468 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/09/02 7:20 a.m. · 4 views

JDK: Failure to privatize a value pulled out of the loop by versioning

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the...

7.4 CVSS · 5.9 AI score · 0.01468 EPSS
Exploits 0 · References 4
OSV
added 2019/08/29 6:15 p.m. · 18 views

CVE-2019-14437

The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...

7.8 CVSS · 6.6 AI score
Exploits 0 · References 8
AlpineLinux
added 2019/08/29 5:30 p.m. · 37 views

CVE-2019-14437

The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...

7.8 CVSS · 8.6 AI score · 0.01504 EPSS
Exploits 0
Cvelist
added 2019/08/29 5:30 p.m. · 20 views

CVE-2019-14437

The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...

8.4 AI score · 0.01504 EPSS
Exploits 0 · References 8