17 matches found

Github Security Blog
added 2022/12/30 4:58 p.m. | 86 views

XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow

Impact: The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches: XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

7.5 CVSS | 7.7 AI score | 0.01022 EPSS
Exploits 1 | References 7 | Affected Software 1

ossfuzz
added 2019/10/22 11:22 p.m. | 15 views

libreoffice:cgmfuzzer: Heap-buffer-overflow in CGMBitmap::ImplGetBitmap

Project: git://anongit.freedesktop.org/libreoffice/core Detailed Report: https://oss-fuzz.com/testcase?key=5640502099050496 Project: libreoffice Fuzzing Engine: libFuzzer Fuzz Target: cgmfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...

6.8 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2019/06/19 4:35 a.m. | 16 views

c-ares/ares_parse_reply_fuzzer: Heap-buffer-overflow in ares_parse_aaaa_reply

Project: https://github.com/c-ares/c-ares.git Detailed report: https://oss-fuzz.com/testcase?key=5650695891451904 Project: c-ares Fuzzer: libFuzzerc-aresaresparsereplyfuzzer Fuzz target binary: aresparsereplyfuzzer Job Type: libfuzzerasanc-ares Platform Id: linux Crash Type: Heap-buffer-overflow...

7 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2019/05/04 5:18 a.m. | 17 views

keystone/fuzz_asm_x86_64: Bad-cast to llvm_ks::X86OperandX86AsmParser::MatchAndEmitATTInstruction in AsmParser::parseStatement

Detailed report: https://oss-fuzz.com/testcase?key=5121855985287168 Project: keystone Fuzzer: libFuzzerkeystonefuzzasmx8664 Fuzz target binary: fuzzasmx8664 Job Type: libfuzzerubsankeystone Platform Id: linux Crash Type: Bad-cast Crash Address: 0x00000210d120 Crash State: Bad-cast to...

6.8 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2019/03/28 5:18 a.m. | 16 views

openh264/decoder_fuzzer: Heap-use-after-free in WelsDec::MapColToList0

Project: https://github.com/cisco/openh264.git Detailed report: https://oss-fuzz.com/testcase?key=5651073894711296 Project: openh264 Fuzzer: libFuzzeropenh264decoderfuzzer Fuzz target binary: decoderfuzzer Job Type: libfuzzerasanopenh264 Platform Id: linux Crash Type: Heap-use-after-free READ 4...

6.8 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2018/10/18 3:40 p.m. | 20 views

skia/android_codec: Heap-buffer-overflow in swizzle_index_to_n32

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5755937772535808 Project: skia Fuzzer: aflskiaandroidcodec Fuzz target binary: androidcodec Job Type: aflasanskia Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address:...

6.8 AI score
Exploits 0 | Affected Software 1

Debian
added 2018/10/02 7:36 a.m. | 40 views

[SECURITY] [DSA 4309-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4309-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 01, 2018 https://www.debian.org/security/faq -...

7.5 CVSS | 8.3 AI score | 0.03511 EPSS
Exploits 0

ossfuzz
added 2018/06/21 8:34 p.m. | 17 views

hoextdown/hoedown_fuzzer: Heap-use-after-free in rndr_attributes

Project: https://github.com/kjdev/hoextdown.git Detailed report: https://oss-fuzz.com/testcase?key=5675863935811584 Project: hoextdown Fuzzer: libFuzzerhoextdownhoedownfuzzer Fuzz target binary: hoedownfuzzer Job Type: libfuzzerasanhoextdown Platform Id: linux Crash Type: Heap-use-after-free READ...

6.8 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2018/03/17 7:23 a.m. | 18 views

imagemagick/enhance_fuzzer: Use-of-uninitialized-value in EnhanceImage

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6266492497690624 Project: imagemagick Fuzzer: libFuzzerimagemagickenhancefuzzer Fuzz target binary: enhancefuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

6.7 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2018/01/07 9:39 a.m. | 32 views

unrar/unrar_fuzzer: Index-out-of-bounds in Unpack::LongLZ

Project: https://github.com/aawc/unrar.git Detailed report: https://oss-fuzz.com/testcase?key=4683334295748608 Project: unrar Fuzzer: libFuzzerunrarfuzzer Fuzz target binary: unrarfuzzer Job Type: libfuzzerubsanunrar Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State:...

6.7 AI score
Exploits 0 | Affected Software 1

OpenSSL
added 2017/11/02 12:0 a.m. | 80 views

Vulnerability in OpenSSL - bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...

6.7 AI score | 0.10133 EPSS
Exploits 0 | Affected Software 1

ossfuzz
added 2017/11/01 6:48 a.m. | 12 views

chakra: Stack-use-after-scope in Emit

Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=6522431389827072 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7ff7f4c4a1d0 Crash State: Emit...

0.2 AI score
Exploits 0 | Affected Software 1

OpenSSL
added 2017/08/28 12:0 a.m. | 84 views

Vulnerability in OpenSSL - Malformed X.509 IPAddressFamily could cause OOB read

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. Found by Google OSS-Fuzz...

6.3 AI score | 0.17699 EPSS
Exploits 0 | Affected Software 1

ossfuzz
added 2017/03/20 6:38 p.m. | 10 views

ots: Heap-use-after-free in ots::OTSStream::Write

Project: https://github.com/khaledhosny/ots.git Detailed report: https://oss-fuzz.com/testcase?key=5372103857537024 Project: ots Fuzzer: libFuzzerotsots-fuzzer Fuzz target binary: ots-fuzzer Job Type: libfuzzerasanots Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address:...

7 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2017/03/13 8:37 a.m. | 14 views

harfbuzz: Use-of-uninitialized-value in int OT::SortedArrayOf<OT::GlyphID, OT::IntType<unsigned short, 2u> >::bsearch<un

Detailed report: https://oss-fuzz.com/testcase?key=6023178755244032 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-fuzzer Fuzz target binary: hb-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: int OT::SortedArrayOf...

7 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2017/01/24 5:0 p.m. | 18 views

libtsm: Global-buffer-overflow in vte_write_debug

Project: git://people.freedesktop.org/dvdhrm/libtsm Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6258143222824960 Project: libtsm Fuzzer: libFuzzerlibtsmfuzzer Fuzz target binary: libtsmfuzzer Job Type: libfuzzerasanlibtsm Platform Id: linux Crash Type:...

7 AI score
Exploits 0 | Affected Software 1

ossfuzz
added 2016/11/30 8:58 a.m. | 25 views

libtsm: Heap-buffer-overflow in tsm_screen_tab_left

Project: git://people.freedesktop.org/dvdhrm/libtsm Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5633680093478912 Project: libtsm Fuzzer: libFuzzerlibtsmfuzzer Fuzz target binary: libtsmfuzzer Job Type: libfuzzerasanlibtsm Platform Id: linux Crash Type:...

7.2 AI score
Exploits 0 | Affected Software 1