Out-of-bounds

In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

CVE-2018-9437

In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

CVE-2018-9437

CVE-2018-9437 involves an out-of-bounds read in getstring() of ID3.cpp, causing a possible remote denial of service in Android. Affected products/versions: Android 6.0–8.1 (as listed). Root cause: missing bounds check on string handling. Impact: DoS with user interaction required (per CVSS3: Loca...

LibRaw 'rollei_load_raw()' function heap buffer overflow vulnerability

LibRaw is a C++ library for processing RAW CRW/CR2, NEF, RAF, DNG and others format images. A heap buffer overflow vulnerability exists in the 'rolleiloadraw' function in the internal/dcrawcommon.cpp file in LibRaw versions prior to 0.18.9. A remote attacker can exploit this vulnerability with th...

DEBIAN-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplusdemangletype, dbarefunctiontype,...

UBUNTU-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplusdemangletype, dbarefunctiontype,...

Fedora Update for yaml-cpp FEDORA-2018-c2499e6025

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for yaml-cpp FEDORA-2018-1758d97170

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: yaml-cpp-0.6.1-4.fc28

yaml-cpp is a YAML parser and emitter in C++ written around the YAML 1.2 sp ec...

Fedora 27 : yaml-cpp (2018-c2499e6025)

Security fix for CVE-2017-5950. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

[SECURITY] Fedora 29 Update: yaml-cpp-0.6.1-4.fc29

yaml-cpp is a YAML parser and emitter in C++ written around the YAML 1.2 sp ec...

Bento4 Null Pointer Dereference Vulnerability

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can be exploited by an attacker to cause a denial of service via specially crafted mp4 files...

DEBIAN-CVE-2018-14450

An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp...

CVE-2018-14402

CVE-2018-14402 affects axmldec 1.2.0, with an out-of-bounds write in jitana::axml_parser::parse_start_namespace (lib/jitana/util/axml_parser.cpp). Multiple sources (NVD, OSV, CVE records) confirm the flaw. The Connected documents do not provide remediation steps or explicit exploit details. No ve...

Fast C++ CSV Parser Buffer Error Vulnerability

Fast C++ CSV Parser a.k.a. fast-cpp-csv-parser is a parser written in C++ for reading comma separated value CSV files. Fast C++ CSV Parser A heap buffer overflow vulnerability exists in the 'io::trimchars' function of the csv.h file in versions prior to 2018-07-06. An attacker can exploit this...

Design/Logic Flaw

An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp...

Monero: Misreporting of received amount by show_transfers

Summary: A sender may cause showtransfers to report a higher amount that was actually sent on the recipient's showtransfers output. Description: Due to a flaw in processnewtransaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and a...

Remote Code Execution (RCE)

icu4c is vulnerable to remote code execution RCE attacks. A malicious user can pass a string to the ucnvUTF8FromUTF8 function in ucnvu8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...

yaml-cpp denial of service vulnerability

yaml-cpp aka LibYaml-C++ is a C++ parser for use in YAML. A security vulnerability exists in the 'Token& Scanner::peek' function in the scanner.cpp file in yaml-cpp 0.5.3 and earlier. A remote attacker can exploit this vulnerability to cause a denial of service assertion failure and application...

DEBIAN-CVE-2018-10958

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...