OSV-2022-953 Dynamic-stack-buffer-overflow in rx_icmp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51757 Crash type: Dynamic-stack-buffer-overflow WRITE Crash state: rxicmp rxip miprx...

OSV-2021-1670 Dynamic-stack-buffer-overflow in zend_calc_live_ranges

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42156 Crash type: Dynamic-stack-buffer-overflow READ 4 Crash state: zendcalcliveranges passtwo zendcompilefuncdecl...

ASB-A-199065614

In vorbisbookdecodevset of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

OSV-2021-1634 Dynamic-stack-buffer-overflow in OutputJsonDNP3SetItem

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41487 Crash type: Dynamic-stack-buffer-overflow READ 4 Crash state: OutputJsonDNP3SetItem JsonDNP3LogObjects JsonDNP3LogResponse...

OSV-2021-1015 Dynamic-stack-buffer-overflow in VP8SetSegmentParams

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36191 Crash type: Dynamic-stack-buffer-overflow WRITE Crash state: VP8SetSegmentParams SetLoopParams OneStatPass...

OSV-2021-1008 Dynamic-stack-buffer-overflow in clear_opt_map_info

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36155 Crash type: Dynamic-stack-buffer-overflow WRITE Crash state: clearoptmapinfo optimizenodeleft setoptimizeinfofromtree...

OSV-2021-1003 Dynamic-stack-buffer-overflow in mdb_numeric_to_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 Crash type: Dynamic-stack-buffer-overflow WRITE 16 Crash state: mdbnumerictostring mdbxferbounddata mdbattemptbind...

OSV-2021-977 Dynamic-stack-buffer-overflow in std::__1::pair<unsigned int, unsigned int>::pair<unsigned int, unsigned int, fal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36062 Crash type: Dynamic-stack-buffer-overflow WRITE 4 Crash state: std::1::pair::pair::type, std::1::unw void GFWX::decode...

OSV-2021-975 Dynamic-stack-buffer-overflow in CryptDigestUpdateInt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36074 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: CryptDigestUpdateInt ComputeCpHash CheckCommandAudit...

OSV-2021-958 Dynamic-stack-buffer-overflow in mdb_numeric_to_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 Crash type: Dynamic-stack-buffer-overflow WRITE 16 Crash state: mdbnumerictostring mdbxferbounddata mdbattemptbind...

OSV-2021-950 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<hsql::Expr**>::__wrap_iter

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35944 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::vector ::makeiter std::1::vector ::begin...

OSV-2021-947 Dynamic-stack-buffer-overflow in hsql::SQLParserResult::addStatement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35946 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: hsql::SQLParserResult::addStatement hsqlparse hsql::SQLParser::parse...

Integer overflow

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...

CVE-2021-26825

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...

OSV-2020-124 Dynamic-stack-buffer-overflow in RetrieveFPForSig

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21758 Crash type: Dynamic-stack-buffer-overflow WRITE 4 Crash state: RetrieveFPForSig DetectSetFastPatternAndItsId SigGroupBuild...

OSV-2020-85 Dynamic-stack-buffer-overflow in janus_rtcp_incoming_transport_cc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20529 Crash type: Dynamic-stack-buffer-overflow READ 2 Crash state: janusrtcpincomingtransportcc janusrtcpfixssrc rtcpfuzzer.c...

suricata:fuzz_sigpcap: Dynamic-stack-buffer-overflow in RetrieveFPForSig

Project: https://github.com/OISF/suricata.git Detailed Report: https://oss-fuzz.com/testcase?key=5682380569575424 Project: suricata Fuzzing Engine: libFuzzer Fuzz Target: fuzzsigpcap Job Type: libfuzzerasansuricata Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow WRITE 4 Crash Address...

janus-gateway:rtcp_fuzzer: Dynamic-stack-buffer-overflow in janus_rtcp_incoming_transport_cc

Project: https://github.com/meetecho/janus-gateway.git Detailed Report: https://oss-fuzz.com/testcase?key=5648598425665536 Project: janus-gateway Fuzzing Engine: afl Fuzz Target: rtcpfuzzer Job Type: aflasanjanus-gateway Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 2 Crash...

aspell/aspell_fuzzer: Dynamic-stack-buffer-overflow in acommon::unescape

Project: https://github.com/gnuaspell/aspell.git Detailed report: https://oss-fuzz.com/testcase?key=5678055552450560 Project: aspell Fuzzer: aflaspellfuzzer Fuzz target binary: aspellfuzzer Job Type: aflasanaspell Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 1 Crash Address:...

chakra: Dynamic-stack-buffer-overflow in js_memcpy_s

Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=4738279476822016 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 16 Crash Address: 0x7fffa66f0a98 Crash State: jsmemcpys...