DEBIAN-CVE-2024-26685

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal condition of the buffer asyncwrite flag and cause a BUGO...

UBUNTU-CVE-2024-26685

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal condition of the buffer asyncwrite flag and cause a BUGO...

CVE-2024-28123

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the...

WebAssembly 缓冲区错误漏洞

WebAssembly is a binary instruction format for stack-based virtual machines from WebAssembly. A security vulnerability exists in WebAssembly versions prior to 0.31.1 that stems from an out-of-bounds buffer write if the host calls or restores more parameters than the default limit 128 for Wasm...

CVE-2021-47114

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...

Out-of-bounds

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the...

NI LabVIEW VI File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VI files...

CVE-2024-28123 Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the...

CVE-2024-28123

The CVE-2024-28123 issue affects Wasmi, a WebAssembly interpreter. The root cause is an out-of-bounds buffer write when the host calls or resumes a Wasm function with more than 128 parameters, causing stack overflow for host-to-Wasm calls (not for Wasm-to-Wasm). This vulnerability is addressed by...

GHSA-75JP-VQ8X-H4CQ Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

Summary In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. Impact After...

Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

Summary In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. Impact After...

Autodesk Design Review Multiple Vulnerabilities (adsk-sa-2021-0003)

The version of Autodesk Design Review installed on the remote Windows host is a version prior to 2018 hotfix 4. It is, therefore, affected by multiple vulnerabilities. - A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013,...

CVE-2024-22920

swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c...

PT-2024-2691 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions V2201 through V2302.0006 Description: The issue is related to an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute...

SUSE-SU-2023:4597-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. - CVE-2023-40476: Fixed possible overflow using maxsublayersminus1 bsc1215793...

CVE-2023-45678

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

CVE-2023-45678

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

stb_vorbis buffer error vulnerability

stbvorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stbvorbis, which stems from the fact that a carefully crafted file may trigger a buffer write in "startdecoder", because "m-submaps" can be at most 16, but "submapfloor" and "submapresidue"...

CVE-2023-45681 Out of bounds heap buffer write in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

CVE-2023-45678

CVE-2023-45678 affects the stb_vorbis library (open-source Ogg Vorbis decoder). The root cause described in multiple sources is an out-of-bounds write in start_decoder where m->submaps can be up to 16, but submap_floor and submap_residue are declared as 15-element arrays, creating a potential ...