406 matches found
Null pointer dereference
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
DEBIAN-CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
UBUNTU-CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
CVE-2017-13135
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure...
colorscore Command Injection vulnerability
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the 1 imagepath, 2 colors, or 3 depth variable...
gdal: Heap-buffer-overflow in DDFFieldDefn::Initialize
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5536723368935424 Project: gdal Fuzzer: libFuzzergdalogrfuzzer Fuzz target binary: ogrfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...
Security update for ruby2.1 (important)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...
PT-2017-17958 · Freetype +1 · Freetype +1
Name of the Vulnerable Software and Affected Versions: FreeType 2 versions prior to 2017-03-08 Description: The issue is caused by a heap-based buffer overflow related to the TT Get MM Var function in truetype/ttgxvar.c and the sfnt init face function in sfnt/sfobjs.c, resulting in an out-of-boun...
UBUNTU-CVE-2017-6827
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file...
CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
UBUNTU-CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
PT-2017-2445 · Ruby +2 · Ruby +2
Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: A heap overflow issue exists in the Fiddle::Function.new "initialize" function functionality of Ruby. The heap buffer "arg types" allocation is made based on the args array length. A specially...
ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution
It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...
ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution
It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...
CVE-2016-6836
The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...
shopify-scripts: Segmentation fault when a Ruby method is invoked by a C method via Object#send
We can arrange for C to call Objectsend by aliasing it over initialize. This will cause Classnew a C function to call initialize which is actually Objectsend with arbitrary arguments. If we invoke a Ruby method through Objectsend, mruby segfaults: def foo end class X aliasmethod :initialize, :sen...
CVE-2016-6836
The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...