202 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the gethistogram function when processing a specially crafted TIFF file. An attacker can cause memory corruption, causing a denial of service and potentially impacting confidentiality and integrity, by supplying a...
LibTIFF 资源管理错误漏洞
LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A resource management error vulnerability exists in LibTIFF version 4.7.0 and earlier, which stems from the existence of...
A Dual-Layer Image Encryption Framework Using Chaotic AES with Dynamic S-Boxes and Steganographic QR Codes
This paper presents a robust image encryption and key distribution framework that integrates an enhanced AES-128 algorithm with chaos theory and advanced steganographic techniques for dual-layer security. The encryption engine features a dynamic ShiftRows operation controlled by a logistic map,...
CVE-2022-50075
The CVE-2022-50075 entry concerns Linux kernel tracing/eprobes. A NULL pointer dereference can occur when a symbol "@" is used with an event probe, because eprobes previously did not handle data sources beyond main registers (e.g., immediate addresses, symbols, current task name). The issue is mi...
Urania: Differentially Private Insights into AI Use
We introduce $Urania$, a novel framework for generating insights about LLM chatbot interactions with rigorous differential privacy DP guarantees. The framework employs a private clustering mechanism and innovative keyword extraction methods, including frequency-based, TF-IDF-based, and LLM-guided...
Private Rate-Constrained Optimization with Applications to Fair Learning
Many problems in trustworthy ML can be formulated as minimization of the model error under constraints on the prediction rates of the model for suitably-chosen marginals, including most group fairness constraints demographic parity, equality of odds, etc.. In this work, we study such constrained...
Robustness Analysis against Adversarial Patch Attacks in Fully Unmanned Stores
The advent of convenient and efficient fully unmanned stores equipped with artificial intelligence-based automated checkout systems marks a new era in retail. However, these systems have inherent artificial intelligence security vulnerabilities, which are exploited via adversarial patch attacks,...
CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
SUSE CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
DEBIAN-CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
UBUNTU-CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2023-53093 tracing: Do not let histogram values have some modifiers
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2023-53093 tracing: Do not let histogram values have some modifiers
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2023-53093
CVE-2023-53093 affects the Linux kernel tracing subsystem, where histogram values are not allowed to use certain modifiers. The root cause is that histogram code was not prepared to handle modifiers for histograms, leading to a NULL pointer dereference and kernel oops when printing histograms via...
PT-2025-18857
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A bug in the Linux kernel's histogram code allowed histogram values to have certain modifiers, which caused a bug. The issue occurred when attempting to set a histogram value to a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from histogram values not allowing certain modifiers...
SUSE CVE-2025-21899
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting namedtriggers list The following commands causes a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
SUSE CVE-2023-53005
In the Linux kernel, the following vulnerability has been resolved: traceeventshist: add check for return value of 'createhistfield' Function 'createhistfield' is called recursively at traceeventshist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereferenc...