6118 matches found

Positive Technologies
added 2019/08/15 12:0 a.m. · 2 views

PT-2019-13184 · No Company · Stb Vorbis

Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04. Description: A heap buffer overflow in the start decoder function allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. Recommendations: For stb...

CVSS 8.8 · AI score 7.1 · EPSS 0.01116
Exploits: 5 · References: 49

Positive Technologies
added 2019/08/15 12:0 a.m. · 2 views

PT-2019-13187 · Nothinq · Stb Vorbis

Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04. Description: The issue is related to the use of uninitialized stack variables in the start decoder function, which can be exploited by opening a crafted Ogg Vorbis file. This can lead to a denial of...

CVSS 8.8 · AI score 5.8 · EPSS 0.01116
Exploits: 5 · References: 49

CNVD
added 2019/08/15 12:0 a.m. · 1 view

Unspecified vulnerability in Sean Barrett stb_vorbis (CNVD-2019-41487)

Sean Barrett stb_vorbis is an open source audio codec for decoding Ogg Vorbis files. A security vulnerability exists in the 'start_decoder' function in Sean Barrett stb_vorbis 2019-03-04 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service or disclose sensiti...

CVSS 7.1 · AI score 6.6 · EPSS 0.00159
Exploits: 0 · References: 1

Oracle Linux
added 2019/08/13 12:0 a.m. · 42 views

libarchive security update

3.1.2-12: fixed use after free in RAR decoder (1700749); fixed double free in RAR decoder (1700748). 3.1.2-11: fix out-of-bounds read within lha_read_data_none (CVE-2017-14503); fix crash on crafted 7zip archives (CVE-2019-1000019); fix infinite loop in ISO9660 (CVE-2019-1000020)...

CVSS 8.8 · AI score 1 · EPSS 0.01801
Exploits: 1

Veracode
added 2019/08/08 12:8 a.m. · 28 views

Denial Of Service (DoS)

libarchive is vulnerable to denial of service (DoS). It is possible due to use after free in RAR decoder...

CVSS 8.8 · AI score 2.4 · EPSS 0.0171
Exploits: 0 · References: 20 · Affected Software: 1

RedHat Linux
added 2019/08/06 1:39 p.m. · 4 views

libarchive: Double free in RAR decoder resulting in a denial of service

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. Thi...

CVSS 8.8 · AI score 6.5 · EPSS 0.01775
Exploits: 0 · References: 4

GithubExploit
added 2019/07/27 7:3 p.m. · 88 views

Exploit for Out-of-bounds Write in Google Android

CVE-2019-2107 CVE-2019-2107 CVE-2019-2107 - looks scary. Stil...

CVSS 9.3 · AI score 8.8 · EPSS 0.43052
Exploits: 6

CNVD
added 2019/07/23 12:0 a.m. · 3 views

OFFIS.de DCMTK Buffer Overflow Vulnerability

OFFIS.de DCMTK is a toolkit that implements the DICOM standard to inspect, build and convert DICOM image files, send and receive images over a network connection. A buffer overflow vulnerability exists in DcmRLEDecoder::decompress in OFFIS.de DCMTK 3.6.3 and earlier versions. The vulnerability...

CVSS 9.8 · AI score 7.3 · EPSS 0.00586
Exploits: 1 · References: 1

OSV
added 2019/07/21 5:37 a.m. · 3 views

OPENSUSE-SU-2019:1770-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: cavium: Add firmware for CNN55XX crypto driver; linux-firmware: Update firmware file for Intel Bluetooth 22161; linux-firmware: Update firmware file for Intel Bluetooth 9560; linux-firmware:...

CVSS 5.3 · AI score 5.7 · EPSS 0.00236
Exploits: 1 · References: 5

CNVD
added 2019/06/24 12:0 a.m. · 1 view

EthereumJ Code Issues Vulnerabilities

EthereumJ is a Java language implementation of the Ethernet protocol. A code issue vulnerability exists in the crypto/ECKey.java file's decoder.readObject and the mine/Ethash.java file's ois.readObject in EthereumJ version 1.8.2. An attacker could exploit this vulnerability to execute arbitrary...

CVSS 10 · AI score 7.5 · EPSS 0.00738
Exploits: 1 · References: 1

Positive Technologies
added 2019/06/18 12:0 a.m. · 5 views

PT-2019-2512 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.3.0. Description: The issue is related to the XMLDecoder component of the Oracle WebLogic Server, which has weaknesses in its deserialization mechanism. This can be exploited by a remot...

CVSS 9.8 · AI score 9.1 · EPSS 0.94468
Exploits: 44 · References: 29

OSV
added 2019/06/07 8:29 p.m. · 1 view

CVE-2019-2094

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

CVSS 7.8 · AI score 7.6
Exploits: 0 · References: 1

Tenable Nessus
added 2019/05/30 12:0 a.m. · 41 views

Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1463)

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denia...

CVSS 7.5 · AI score 7.7 · EPSS 0.19427
Exploits: 0 · References: 5

RedhatCVE
added 2019/05/14 12:21 p.m. · 36 views

CVE-2018-10115

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive...

CVSS 9.8 · AI score 7.6 · EPSS 0.05138
Exploits: 1 · References: 1

Tenable Nessus
added 2019/05/14 12:0 a.m. · 37 views

EulerOS Virtualization for ARM 64 3.0.1.0 : libarchive (EulerOS-SA-2019-1390)

According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-41...

CVSS 8.8 · AI score 6.4 · EPSS 0.01775
Exploits: 0 · References: 3

Tenable Nessus
added 2019/05/13 12:0 a.m. · 22 views

Apache Tomcat 7.0.x < 7.0.88 Denial of Service

Binary data 700678.pasl...

CVSS 7.5 · AI score 7.8 · EPSS 0.19427
Exploits: 0 · References: 2

Tenable Nessus
added 2019/05/13 12:0 a.m. · 25 views

Apache Tomcat 8.5.x < 8.5.31 Denial of Service

Binary data 700694.pasl...

CVSS 7.5 · AI score 7.3 · EPSS 0.19427
Exploits: 0 · References: 2

RedhatCVE
added 2019/05/09 7:19 a.m. · 28 views

CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

CVSS 6.5 · AI score 5.1 · EPSS 0.01585
Exploits: 0 · References: 3

CNVD
added 2019/05/09 12:0 a.m. · 1 view

H.264 decoder buffer overflow vulnerability in multiple Qualcomm products

The Qualcomm MDM9650 and others are a central processing unit (CPU) product of Qualcomm Incorporated (USA). A buffer overflow vulnerability exists in the H.264 decoder in multiple Qualcomm products, which arises when a networked system or product performs an operation in memory without properly...

CVSS 10 · AI score 7.4 · EPSS 0.00656
Exploits: 0 · References: 1

0day.today
added 2019/05/05 12:0 a.m. · 27 views

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)

Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes). Author: Xavi Beltran. Date: 05/05/2019. Contact: email protected. Purpose: spawn /bin/sh shell. Tested On: Ubuntu 3.5.0-17-generic. Arch: x86. Size: 59 bytes. sh.nasm global start section .text start: xor eax, eax pu...

AI score 7.4
Exploits: 0