56 matches found
libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c
A buffer overflow vulnerability was found in libtiff. This flaw allows an attacker with network access to pass specially crafted files, causing an application to halt or crash. The root cause of this issue was from the memcpy function in tifunix.c...
The vulnerability in the JavaScript script handler of Firefox browsers, Firefox ESR, and the email client Thunderbird allows a hacker to execute arbitrary code.
The vulnerability of JavaScript script handlers in Firefox, Firefox ESR, and the email client Thunderbird lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by opening a specially crafted...
Important: docker
Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an...
GHSA-Q85F-69Q7-55H2 Uninitialized variable access in Tensorflow
Impact The implementation of AssignOp can result in copying unitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of allocations, but does not check that the right hand...
python-pillow: Negative-offset memcpy in TIFF image reader
A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash...
MAT File I/O Library 缓冲区错误漏洞
The MAT File I/O Library matio is an open source, C language library for reading and writing binary MATLAB MAT files. A buffer error vulnerability exists in matio a.k.a. MAT File I O Library 1.5.20 and 1.5.21, which stems from a heap-based buffer overflow in the H5MM memcpy called from the H5MM...
kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability...
UBUNTU-CVE-2020-6096
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...
UBUNTU-CVE-2019-20398
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lysextensioninstancesfree due to a copy of unresolved extensions in lysrestrdup. Applications that use libyang to parse untrusted input yang files may crash...
CVE-2018-9165
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to...
zsh Denial of Service Vulnerability
Z Shell Zsh is a Unix shell that can be used as an interactive login shell and a powerful shell script command interpreter. A denial of service vulnerability exists in params.c in zsh versions 5.4.2 and earlier during the copying of an empty hash table. An attacker can exploit this vulnerability ...
Microsoft Edge Chakra JIT Stack-To-Heap Copy Bug
Microsoft Edge: Chakra: JIT: stack-to-heap copy bug CVE-2018-0776 If variables don't escape the scope, the variables can be allocated to the stack. However, there are some situations, such as when a bailout happens or accessing to arguments containing stack-allocated variables, where those...
DEBIAN-CVE-2018-5308
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function base/PdfOutputStream.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...
DEBIAN-CVE-2015-6826
The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...
kernel: crypto: info leaks in report API
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAPNETADMIN capability...
local to local copy uses shell expansion twice
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...