PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

curl: CVE-2022-32208: FTP-KRB bad message verification

Summary: libcurl handles gssunwrap GSSSBADSIG error incorrectly. This enables malicious attacker to inject arbitrary FTP server responses to GSSAPI protected FTP control connection and/or make the client consume unrelated heap memory as a FTP command response. The defective krb5decode function is...

Lua buffer overflow vulnerability (CNVD-2022-31843)

Lua is a lightweight, extensible open source scripting language from the Lua LUA team. A buffer error vulnerability exists in Lua 5.4.4 and earlier, which stems from the lack of a specific luaKexp2anyregup call in singlevar in lparser.c, resulting in an overread of the heap-based buffer, which...

vim 缓冲区错误漏洞

Vim is an editor for UNIX-based platforms. A buffer error vulnerability exists in vim that stems from reading out of bounds in vim prior to 8.2...

Debian: Security Advisory (DLA-2868-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2868-1 : advancecomp - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2868 advisory. - An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use thi...

Updated glibc packages fixes security related bugs

This update fixes a few security related bugs: - regex: fix buffer read overrun in search BZ 28470 - nptl: Do not set signal mask on second setjmp return BZ 28607...

Libmobi 缓冲区错误漏洞

Libmobi is a C library . Used to handle Mobipocket/Kindle MOBI e-book format documents. An out-of-bounds read vulnerability exists in Libmobi, which stems from the program being vulnerable to the use of out-of-range pointer offsets, and can be exploited by an attacker to read memory information...

Heap OOB in `RaggedGather`

Impact If the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. python import tensorflow as tf tf.rawops.RaggedGather paramsnestedsplits = 0,0,0, paramsdensevalues = 1,1, indices = 0,0,9,0,0,...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and some other file formats. A security vulnerability exists in ok-file-formats. The vulnerability stems from a heap-based buffer overflow in the okcsvcircularbufferread function in okcsv.c in ok-file-formats through 2021-04-29...

HCC Embedded InterNiche 缓冲区错误漏洞

HCC Embedded InterNiche is a newsletter software. An out-of-bounds read vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which can be exploited by an attacker to cause an out-of-bounds read...

Modesty Pdf2json 缓冲区错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. PDF2JSON DCTStream::readHuffSym suffers from a denial of service vulnerability. The vulnerability stems from an invalid read of size 2. An attacker could exploit this...

The vulnerability of the WavpackVerifySingleBlock function in the openUtils.c component of the WavPack audio codec allows a hacker to trigger a service failure by exceeding the permissible buffer data read limits.

The vulnerability of the WavpackVerifySingleBlock function in the openUtils.c component of the WavPack audio codec is related to reading data from within acceptable buffer limits. Exploiting this vulnerability allows a remote attacker to cause a service failure by using a specially created WavPac...

Advisory ROSA-SA-2021-1891

Software: libsolv 0.6.34 OS: Cobalt 7.9 CVE-ID: CVE-2019-20387 CVE-Crit: HIGH CVE-DESC: repodataschema2id in repodata.c in libsolv before version 0.7.6 has an excessive heap-based buffer read due to the last schema being less than the length of the input schema. CVE-STATUS: default CVE-REV: defau...

Advisory ROSA-SA-2021-1842

Software: giflib 4.1.6 OS: Cobalt 7.9 CVE-ID: CVE-2015-7555 CVE-Crit: MEDIUM CVE-DESC: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service program crash via the created image and logical screen width fields in a GIF file. CVE-STATUS:...

SUSE: Security Advisory (SUSE-SU-2015:0169-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0835-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:3189-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of Mozilla Thunderbird email client, related to reading data beyond the buffer in memory, allows attackers to gain access to confidential information.

The vulnerability of Mozilla Thunderbird’s email client, related to reading data beyond the buffer in memory, allows attackers to gain access to confidential information through a specially crafted message...

SUSE: Security Advisory (SUSE-SU-2015:0866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...