curl: Occasional use-after-free in multi_done() libcurl-7.81.0
We are seeing the use of a struct connectdata on a thread after it was returned to the connection cache and thus available for use on other threads including potential deallocation in multi_done in libcurl-7.81.0. This could occasionally result in an actual use-after-free, witnessed on Windows 10...
xmlsec/xmlsec_fuzzer: Heap-use-after-free in xmlStrndup
Project: https://github.com/lsh123/xmlsec.git Detailed report: https://oss-fuzz.com/testcase?key=5630952466808832 Project: xmlsec Fuzzer: libFuzzer_xmlsec_fuzzer Fuzz target binary: xmlsec_fuzzer Job Type: libfuzzer_asan_xmlsec Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address:...
CVE-2018-11723
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub...