17 matches found
DEBIAN-CVE-2026-42480
A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...
CVE-2024-28119 Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...
PT-2022-26348 · Nvidia · Nvidia Gpu Display Driver
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified). Description: The issue is related to a vulnerability in the kernel mode layer handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive...
UBUNTU-CVE-2022-28189
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash...
PT-2022-3250
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified). Description: The issue is related to a NULL pointer dereference in the kernel mode layer handler for DxgkDdiEscape, which may lead to a system crash. This can be exploited to...
CVE-2020-12920
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck...
PT-2021-6691 · Nvidia +2 · Nvidia Gpu Display Driver +2
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows and Linux (affected versions not specified). Description: The issue is related to an out of bounds array access in the kernel mode layer handler for DxgkDdiEscape, which may lead to denial of service or...
NVIDIA Windows GPU Display Driver elevation of privilege vulnerability (CNVD-2017-26300)
The NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers from NVIDIA for Windows. kernel mode layer handler for DxgkDdiEscape is one of the... kernel mode layer handler for DxgkDdiEscape. A security vulnerability exists in the kernel mode layer nvlddmkm.sys...
CVE-2016-8811
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial ...
CVE-2016-7387
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without...
NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2 Exploit
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=940 The DxgkDdiEscape handler for 0x70001b2 doesn't do proper bounds checks for its variable size input. void sub8C4304... ... // escape-size is controlled by the user. if...
NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014 Exploit
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=946 There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow: ... for DWORD i = 0; numdata; ++i ... // size is user...
NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 Exploit
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=947 The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow: bool...
NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=946 There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow: ... for DWORD i = 0; numdata; ++i ... // size is user controlled. size = escape-datai.size; for DWORD j = ...
NVIDIA Driver - No Bounds Checking in Escape 0x7000170
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=936 The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing output. Crashing context with PoC Win 10 x64 with...
NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=937 The DxgkDdiEscape handler for 0x5000027 accepts a user provided pointer, but does no checks on it before using it. ... DWORD userptr = escape5000027data-userptr; v32 = userptr2; v33 = userptr + 3; if v32 != -1 v33 = DWORD v32;...
NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=946 There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow: ... for DWORD i = 0; numdata; ++i ... // size is...