44 matches found
CVE-2022-43343
N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken at Main.c...
CVE-2022-43343
CVE-2022-43343 concerns N-Prolog v1.91, where a global buffer overflow is reported in the function gettoken() at Main.c. The vulnerability is documented with a faulty write into a global buffer, as demonstrated by an AddressSanitizer report pointing to parser.c:1022 and noting proximity to global...
CVE-2020-36405
Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...
CVE-2020-36405
Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...
Design/Logic Flaw
Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...
CVE-2020-36405
CVE-2020-36405 concerns Keystone Engine v0.9.2, where a use-after-free bug occurs in llvm_ks::X86Operand::getToken. The NVD entry reports a CVSS 3.1 base score of 7.8 (HIGH) with LOCAL attack vector, no privileges required, but user interaction required, and impacts on confidentiality, integrity,...
CVE-2020-36405
Keystone Engine 0.9.2 has a use-after-free in llvmks::X86Operand::getToken...
Pixar OpenUSD binary file format index type values information leak vulnerability
Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain...
OSV-2020-789 Heap-use-after-free in llvm_ks::X86Operand::getToken
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850 Crash type: Heap-use-after-free READ 4 Crash state: llvmks::X86Operand::getToken X86AsmParser::MatchAndEmitATTInstruction X86AsmParser::MatchAndEmitInstruction...
keystone:fuzz_asm_x86_16: Heap-use-after-free in llvm_ks::X86Operand::getToken
Detailed Report: https://oss-fuzz.com/testcase?key=5637154293415936 Project: keystone Fuzzing Engine: afl Fuzz Target: fuzzasmx8616 Job Type: aflasankeystone Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x60d000000a28 Crash State: llvmks::X86Operand::getToken...
CVE-2018-19842
getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...
UBUNTU-CVE-2018-19842
getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...
radare2 'getToken' function denial of service vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'getToken' function in the libr/asm/p/asmx86nz.c file in radare2 versions prior to 3.1.0. An attacker can exploit this vulnerability to cause a denial of service stack buffer out-of-bound...
keystone/fuzz_asm_x86_16: Heap-use-after-free in llvm_ks::X86Operand::getToken
Detailed report: https://oss-fuzz.com/testcase?key=5740417828519936 Project: keystone Fuzzer: libFuzzerkeystonefuzzasmx8616 Fuzz target binary: fuzzasmx8616 Job Type: libfuzzerasankeystone Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x60d0000003a8 Crash State:...
UBUNTU-CVE-2017-9160
libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscannergettoken function in input-pnm.c:458:12...
PT-2017-18742 · Martin Weber +1 · Autotrace +1
Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue is a stack-based buffer overflow in the pnmscanner gettoken function, located in the input-pnm.c file. This function is part of the libautotrace.a library in AutoTrace. Recommendations: For...
CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service crash via a crafted SVG file, related to the 1 TracePoint function in magick/render.c, 2 GetToken function in magick/utility.c, and 3 GetTransformTokens function in coders/svg.c...
CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service crash via a crafted SVG file, related to the 1 TracePoint function in magick/render.c, 2 GetToken function in magick/utility.c, and 3 GetTransformTokens function in coders/svg.c...
CVE-2014-7922
CVE-2014-7922 involves the GoogleAuthUtil.getToken method in the Google Play services SDK prior to 2015. The vulnerability arises when the code sets parameters in OAuth token requests after detecting a corresponding opt parameter in the Bundle extras argument, enabling a crafted application to by...
Fedora 20 : mediawiki-1.21.2-1.fc20 (2013-15937)
SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...