N-Prolog 安全漏洞

N-Prolog is an Arity/Prolog32-compatible interpreter and compiler from the individual developer kenichi sasagawa. A security vulnerability exists in N-Prolog v1.91, which stems from the inclusion of a global buffer overflow in the function gettoken in Main.c. The vulnerability is caused by the...

CVE-2022-43343

N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken at Main.c...

CVE-2020-36405

Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...

CVE-2020-36405

Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...

Design/Logic Flaw

Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...

CVE-2020-36405

Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...

CVE-2020-36405

CVE-2020-36405 concerns Keystone Engine v0.9.2, where a use-after-free bug occurs in llvm_ks::X86Operand::getToken. The NVD entry reports a CVSS 3.1 base score of 7.8 (HIGH) with LOCAL attack vector, no privileges required, but user interaction required, and impacts on confidentiality, integrity,...

Pixar OpenUSD binary file format index type values information leak vulnerability

Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain...

OSV-2020-789 Heap-use-after-free in llvm_ks::X86Operand::getToken

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850 Crash type: Heap-use-after-free READ 4 Crash state: llvmks::X86Operand::getToken X86AsmParser::MatchAndEmitATTInstruction X86AsmParser::MatchAndEmitInstruction...

keystone:fuzz_asm_x86_16: Heap-use-after-free in llvm_ks::X86Operand::getToken

Detailed Report: https://oss-fuzz.com/testcase?key=5637154293415936 Project: keystone Fuzzing Engine: afl Fuzz Target: fuzzasmx8616 Job Type: aflasankeystone Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x60d000000a28 Crash State: llvmks::X86Operand::getToken...

UBUNTU-CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

radare2 'getToken' function denial of service vulnerability

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'getToken' function in the libr/asm/p/asmx86nz.c file in radare2 versions prior to 3.1.0. An attacker can exploit this vulnerability to cause a denial of service stack buffer out-of-bound...

keystone/fuzz_asm_x86_16: Heap-use-after-free in llvm_ks::X86Operand::getToken

Detailed report: https://oss-fuzz.com/testcase?key=5740417828519936 Project: keystone Fuzzer: libFuzzerkeystonefuzzasmx8616 Fuzz target binary: fuzzasmx8616 Job Type: libfuzzerasankeystone Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x60d0000003a8 Crash State:...

UBUNTU-CVE-2017-9160

libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscannergettoken function in input-pnm.c:458:12...

PT-2017-18742 · Martin Weber +1 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue is a stack-based buffer overflow in the pnmscanner gettoken function, located in the input-pnm.c file. This function is part of the libautotrace.a library in AutoTrace. Recommendations: For...

CVE-2016-2317

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service crash via a crafted SVG file, related to the 1 TracePoint function in magick/render.c, 2 GetToken function in magick/utility.c, and 3 GetTransformTokens function in coders/svg.c...

CVE-2016-2317

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service crash via a crafted SVG file, related to the 1 TracePoint function in magick/render.c, 2 GetToken function in magick/utility.c, and 3 GetTransformTokens function in coders/svg.c...

CVE-2014-7922

CVE-2014-7922 involves the GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015. The vulnerability arises when the code sets parameters in OAuth token requests after detecting a corresponding opt parameter in the Bundle extras argument, enabling a crafted application to by...

Fedora 20 : mediawiki-1.21.2-1.fc20 (2013-15937)

SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...