Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Impact: A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multipleEntriesDecoder, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28...
GHSA-G9XM-7538-MQ8W Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Impact: An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are not affected. Exiv2 is a command-line utility and C++ library for reading...
OSV-2024-1220 UNKNOWN READ in Assimp::NDOImporter::InternReadFile
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372765427 Crash type: UNKNOWN READ Crash state: Assimp::NDOImporter::InternReadFile Assimp::BaseImporter::ReadFile Assimp::Importer::ReadFile...
OSV-2024-1212 Heap-buffer-overflow in cram_encode_container
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547397 Crash type: Heap-buffer-overflow READ 8 Crash state: cram_encode_container cram_flush_container_mt cram_put_bam_seq...
OSV-2024-1210 Heap-buffer-overflow in parse_mixed_content
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372510377 Crash type: Heap-buffer-overflow READ 1 Crash state: parse_mixed_content parse_sdp fuzz_parse_msg.c...
OSV-2024-1209 Heap-use-after-free in xmlValidateOneElement
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547409 Crash type: Heap-use-after-free READ 4 Crash state: xmlValidateOneElement xmlValidateElement api.c...
OSV-2024-1207 Security exception in org.apache.poi.hdgf.streams.CompressedStreamStore.decompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372515093 Crash type: Security exception Crash state: org.apache.poi.hdgf.streams.CompressedStreamStore.decompress org.apache.poi.hdgf.streams.CompressedStreamStore. org.apache.poi.hdgf.streams.Stream.createStream...
OSV-2024-1201 Heap-buffer-overflow in polygonToCellsExperimental
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372515086 Crash type: Heap-buffer-overflow WRITE 8 Crash state: polygonToCellsExperimental fuzzerPolygonToCellsExperimental.c...
OSV-2024-1199 Security exception in java.base/java.lang.Short.valueOf
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547195 Crash type: Security exception Crash state: java.base/java.lang.Short.valueOf org.apache.poi.ddf.EscherRecordTypes.forTypeID org.apache.poi.ddf.DefaultEscherRecordFactory.getConstructor...
PT-2024-40606 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurred in the parse_mixed_content and parse_sdp functions,...
OSV-2024-1194 Heap-buffer-overflow in llvm::DataLayout::getIndexedOffsetInType
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372093894 Crash type: Heap-buffer-overflow READ 4 Crash state: llvm::DataLayout::getIndexedOffsetInType InterpreterStackFrame::ResolveConstantValue InterpreterStackFrame::ResolveConstant...
OSV-2024-1191 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371931330 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...
OSV-2024-1182 Security exception in com.ctc.wstx.dtd.FullDTDReader.readContentSpec
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371233025 Crash type: Security exception Crash state: com.ctc.wstx.dtd.FullDTDReader.readContentSpec com.ctc.wstx.dtd.FullDTDReader.skipDtdWs com.ctc.wstx.dtd.FullDTDReader.readContentSpec...
OSV-2024-1181 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371233781 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.Exception. java.base/java.lang.RuntimeException...
OSV-2024-1179 UNKNOWN READ in __dynamic_cast
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371239171 Crash type: UNKNOWN READ Crash state: __dynamic_cast HandleDynamicTypeCacheMiss CallbackToLogRedirector...
OSV-2024-1161 Security exception in java.base/java.util.Arrays.copyOfRange
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=370272563 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange java.base/java.lang.StringUTF16.newString java.base/java.lang.String.substring...
OSV-2024-1159 Use-of-uninitialized-value in decompress_yuv.cc
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=369974248 Crash type: Use-of-uninitialized-value Crash state: decompress_yuv.cc...
OSV-2024-1158 Use-of-uninitialized-value in format_message
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=370032374 Crash type: Use-of-uninitialized-value Crash state: format_message ultrahdr::JpegDecoderHelper::decode ultrahdr::JpegDecoderHelper::decompressImage...
PT-2024-40588 · Git +1 · Libjpeg-Turbo
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash occurs in the decompress_yuv.cc file. No...