UBUNTU-CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqadecodechunk because of an out-of-array access in vqadecodeinit in libavcodec/vqavideo.c...

FFmpeg Buffer Overflow Vulnerability (CNVD-2020-13570)

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A heap buffer overflow vulnerability exists in vqadecodechunk in versions of FFmpeg prior to 4.2, which can be exploited by an attacker to cause a...

Out-of-bounds

In GetMBheader of combineddecode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2...

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

UBUNTU-CVE-2019-17362

In LibTomCrypt through 1.18.2, the derdecodeutf8string function in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service out-of-bounds read and crash or read information from other memory locations via...

CVE-2007-6595

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...

Buffer overflow

Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

PT-2019-14641 · FFmpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2019-08-18 Description: The issue is related to a NULL pointer dereference in the huffman decode step function at huffman.c. Recommendations: For versions prior to 2019-08-18, update to a version released after...

Stegify - Go Tool For LSB Steganography, Capable Of Hiding Any File Within An Image

stegify is a simple command line tool capable of fully transparent hiding any file within an image. This technique is known as LSB Least Significant Bit steganography. Demonstration Carrier Data Results The Result file contains the Data file hidden in it. And as you can see it is fully transparen...

OpenSC out-of-bounds access vulnerability (CNVD-2019-31367)

OpenSC is a set of software tools and libraries for smart cards, focusing on smart cards with cryptographic capabilities. An ASN.1 Bitstring out-of-bounds access vulnerability exists in decodebitstring in libopensc/asn1.c in versions prior to OpenSC 0.20.0-rc1. No detailed vulnerability details a...

DEBIAN-CVE-2019-15946

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1decodeentry in libopensc/asn1.c...

DEBIAN-CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

UBUNTU-CVE-2019-15946

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1decodeentry in libopensc/asn1.c...

UBUNTU-CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

DEBIAN-CVE-2019-10056

An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the...

UBUNTU-CVE-2019-10056

An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the...

CVE-2018-20992

The CVE-2018-20992 issue affects the Rust Claxon crate (pre-0.4.1). A decode-buffer size handling flaw allowed uninitialized memory to be exposed; parts of the decode buffer could be overwritten or revealed depending on the bitstream value. Public descriptions (e.g., GHSA and RustSec advisories) ...

Important: edk2

Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...

PT-2019-6193 · Exiv2 +1 · Exiv2 +1

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.27.99.0 Description: The issue is related to an invalid memory access in the decode function of the iptc.cpp component in the Exiv2 library, which can lead to a buffer overflow. This allows a remote attacker to cause a denial ...

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...