562 matches found
CVE-2022-0544
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...
Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented at the S4X22 Conference in April 2022...
Apple macOS ImageIO DDS image out-of-bounds read vulnerability
Summary: An out-of-bounds read vulnerability exists in the DDS image parsing functionality of ImageIO library on Apple macOS Big Sur 11.6.1 and iOS 15.1. A specially-crafted DDS file can disclose sensitive memory content which can aid in exploitation of other vulnerabilities. An attacker can deliv...
CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result...
OCI OpenDDS Input Validation Error Vulnerability
Object Computing OpenDds is an open source middleware framework for C++ and Java applications from US-based Object Computing. An input validation error vulnerability exists in OCI OpenDDS that stems from the product's failure to properly handle data length information. An attacker could execute...
Real-Time Innovations Connext Dds Multiple Products Buffer Error Vulnerability
Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...
Real-Time Innovations Connext Dds Secure Input Validation Error Vulnerability
Real-Time Innovations Connext Dds Secure is a trusted software connectivity framework from Real-Time Innovations, Inc. It is used to build and protect system-of-systems. An input validation error vulnerability exists in Real-Time Innovations Connext Dds Secure, which stems from a failure to...
Eclipse Cyclone DDS Code Issue Vulnerability
Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A code issue vulnerability exists in Eclipse Cyclone DDS that stems from the product's failure to properly handle write-what-where logic. The vulnerability allows an attacker to...
Connext Dds Multiple Products Buffer Error Vulnerability
Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...
Connext Dds Multiple Products Buffer Error Vulnerability
Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...
Eclipse Cyclone DDS Input Validation Error Vulnerability
Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. An input validation error vulnerability exists in Eclipse Cyclone DDS that stems from the product incorrectly handling invalid structures. An attacker could use this vulnerability...
Multiple Data Distribution Service (DDS) Implementations (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 8.6; ATTENTION: Exploitable remotely/low attack complexity; Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), TwinOaks Computing; Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS...
Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2020-18734
A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...
CVE-2020-18735
A heap buffer overflow in /src/ddsstream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...
UBUNTU-CVE-2020-18735
A heap buffer overflow in /src/ddsstream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...