Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-22018

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the RLE planar decode path within the planar_decompress_plane_rle function, where it writes to memory without proper...

CVSS 10, AI score 5.3, EPSS 0.00251
Exploits 37, References 116
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-44028

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00821
Exploits 0, References 3
Tenable Nessus
added 2025/06/09 12:0 a.m., 3 views

NewStart CGSL MAIN 7.02 : libmicrohttpd Vulnerability (NS-SA-2025-0091)

The remote NewStart CGSL host, running version MAIN 7.02, has libmicrohttpd packages installed that are affected by a vulnerability: - GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c...

CVSS 5.9, AI score 6.7, EPSS 0.00074
Exploits 1, References 3
Tenable Nessus
added 2024/02/29 12:0 a.m., 21 views

CentOS 9 : libmicrohttpd-0.9.72-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libmicrohttpd-0.9.72-5.el9 build changelog. - GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the...

CVSS 5.9, AI score 6.6, EPSS 0.00074
Exploits 1, References 2
Tenable Nessus
added 2024/02/08 12:0 a.m., 20 views

EulerOS 2.0 SP5 : libmicrohttpd (EulerOS-SA-2024-1146)

According to the versions of the libmicrohttpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the...

CVSS 5.9, AI score 6.7, EPSS 0.00074
Exploits 1, References 2
Rosalinux
added 2023/08/15 9:41 a.m., 20 views

Advisory ROSA-SA-2023-2217

Software: libmicrohttpd 0.9.76; OS: ROSA-CHROME; packageevrstring: libmicrohttpd-0.9.76-1.src.rpm; CVE-ID: CVE-2023-27371; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: GNU libmicrohttpd before version 0.9.76 allowed remote DoS (denial of service) due to improper multipart/form-data boundary parsing in the...

CVSS 5.9, AI score 6.9, EPSS 0.00074
Exploits 1
Amazon
added 2023/07/19 12:0 a.m., 20 views

Medium: libmicrohttpd

Issue Overview: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0'...

CVSS 5.9, AI score 6.6, EPSS 0.00074
Exploits 1
Cvelist
added 2023/02/28 12:0 a.m., 14 views

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

CVSS 5.9, AI score 6.1, EPSS 0.00074
Exploits 1, References 4
Debian CVE
added 2023/02/28 12:0 a.m., 25 views

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

CVSS 5.9, AI score 6, EPSS 0.00074
Exploits 1
NVD
added 2022/09/16 10:15 p.m., 14 views

CVE-2022-40761

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc...

CVSS 7.5, EPSS 0.00821
Exploits 0, References 3
ATTACKERKB
added 2022/09/16 10:15 p.m., 2 views

CVE-2022-40761

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc...

CVSS 7.5, AI score 5.8, EPSS 0.00821
Exploits 0, References 4
Prion
added 2022/09/16 10:15 p.m., 8 views

Heap overflow

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc...

CVSS 5, AI score 7.5, EPSS 0.00821
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/09/16 9:35 p.m., 15 views

CVE-2022-40761

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc...

AI score 7.6, EPSS 0.00821
Exploits 0, References 3
UbuntuCve
added 2022/07/06 4:15 p.m., 31 views

CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For the attack to be successful, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS 7, AI score 7.1, EPSS 0.00067
Exploits 0, References 3
Prion
added 2022/07/06 4:15 p.m., 26 views

Design/Logic Flaw

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For the attack to be successful, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS 4.4, AI score 8.2, EPSS 0.00067
Exploits 0, References 3, Affected Software 11
CVE
added 2022/07/06 3:6 p.m., 191 views

CVE-2021-3695

CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...

CVSS 4.5, AI score 7, EPSS 0.0006
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2022/07/06 3:6 p.m., 29 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...

CVSS 4.5, AI score 7.3, EPSS 0.0006
Exploits 0
Cvelist
added 2022/07/06 3:6 p.m., 22 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...

AI score 7.2, EPSS 0.0006
Exploits 0, References 3
Tenable Nessus
added 2022/06/11 12:0 a.m., 47 views

SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:2037-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2037-1 advisory. - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that t...

CVSS 8.1, AI score 7.3, EPSS 0.00151
Exploits 0, References 22
myhack58
added 2016/03/13 12:0 a.m., 13 views

How to understand stack and heap overflow exploits-a vulnerability warning-the black bar safety net

This article is a detailed description of the heap, and will teach you how to write a heap-based overflow vulnerability. Run the following program: #include #include #include int main(int argc, char **argv) { char *buf1 = malloc(128); char *buf2 = malloc(256); read(fileno(stdin), buf1, 200); free(buf2);...

AI score 7.7
Exploits 0