Gross Security Breach
Gross is a greylisting service for Postfix, Exim, Sendmail, and Oracle Communications Messaging Server. A buffer overflow vulnerability exists in Gross versions prior to 0.9.3 through 1.0.4. An attacker could use this vulnerability to...
BIT-PILLOW-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...
CVE-2023-50671
In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow write of size 28 because snprintf can write to an unexpected address...
SUSE CVE-2019-9210
In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...
CVE-2023-28393
A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2023-42277
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...
Stack overflow
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape, jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when...
SUSE CVE-2017-6011
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool...
SUSE CVE-2020-14310
There is an issue in grub2 before version 2.06 in the function read_section_as_string. It expects a font name to be at most UINT32_MAX - 1 bytes long, but it does not verify this before proceeding with buffer allocation to read the value from the font file. An attacker may leverage that by crafting a...
CVE-2022-47654
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261...
CVE-2022-20040
In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150...
CVE-2021-46671
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client...
CVE-2021-34893
CVE-2021-34893 affects Bentley View 10.15.0.75. The flaw is in BMP file parsing where the length of user-supplied data is not properly validated before copying to a heap-based buffer, enabling remote code execution in the context of the current process. Exploitation requires user interaction (vis...
Heap overflow
vim is vulnerable to Heap-based Buffer Overflow...
UVI-2021-1002022 media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.158 by commit...
CVE-2020-22675
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DoS) via a crafted input...
CVE-2021-39527
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private in decode.c has a heap-based buffer overflow...
openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon’s...
OSV-2017-24 Heap-buffer-overflow in pnm_type_find
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4039 Crash type: Heap-buffer-overflow READ 1 Crash state: pnm_type_find gst_type_find_factory_call_function gst_type_find_helper_for_data...
CVE-2020-13544
An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s...