UBUNTU-CVE-2024-41039

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer...

UBUNTU-CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038

CVE-2024-41038 affects the Linux kernel firmware for cs_dsp. The vulnerability is a buffer overrun risk when processing V2 algorithm headers due to the wmfw V2 format introducing variable-length strings in the header; the header length and field positions vary with string lengths. The issue is mi...

CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

PT-2024-37886 · Irfan Skiljan · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this, where the target must visit a malicious...

PT-2024-37880 · Irfanview · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...

The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a hacker to remotely execute arbitrary code using a specially crafted file...

The vulnerability of the WSQ Plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, arises from the operation of the function that allows data to be written beyond the buffer in memory. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the WSQ Plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the occurrence of operations outside the buffer in memory during the processing of WSQ format files. Exploiting this vulnerability can allow an attacker to execute...

The vulnerability of the AsInsHelp64.sys driver, part of the DeviceIoControl utility in ASUS’ ASUS Fan Xpert computer and laptop fan control software, allows a hacker to execute arbitrary code, increase their privileges, or disclose sensitive information.

The vulnerability of the AsInsHelp64.sys driver, which is part of the DeviceIoControl utility in the ASUS ASUS Fan Xpert speed control software, relates to operations that go beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, gain...

tpm2-tss: Buffer Overlow in TSS2_RC_Decode

A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions, Tss2RCSetHandler and Tss2RCDecode index into the layerhandler with an 8-bit layer number, but the array only ha...

The vulnerability of the microprogramming software for AutomationDirect P3-550E lies in the possibility of writing beyond the buffer boundaries in memory, allowing a intruder to cause malfunctions during maintenance.

The vulnerability of the microprogrammed software in AutomationDirect P3-550E controllers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause malfunctions in the system remotely...

The vulnerability of the User Mode Driver for DirectX 11 in AMD Radeon microcomputer graphics software allows a hacker to execute arbitrary code.

The vulnerability of the User Mode Driver for DirectX 11 in AMD Radeon graphics processors is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the pre-processing processor Simcenter Femap, related to writing beyond buffer boundaries, allows a hacker to execute arbitrary code.

The vulnerability of the pre-processing processor Simcenter Femap is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a attacker to execute arbitrary code using a specially created IGS format malicious file...

The vulnerability of the ImageIO component in operating systems iPadOS, iOS, and macOS allows a hacker to execute arbitrary code.

The vulnerability of the ImageIO component in operating systems such as iPadOS, iOS, macOS, and visionOS is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the JT Open Toolkit (JTTK) and PLM XML SDK development tools arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the JT Open Toolkit JTTK and PLM XML SDK development tools is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious XML file...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for Windows operating systems lies in the fact that operations may go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...