InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

GHSA-25GW-4PCC-45CF Deserialization of Untrusted Data in Apache Batik

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVE-2022-27607

Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4HvccAtom class, a different issue than CVE-2018-14531...

Rust buffoon crate has an unspecified vulnerability

Rust buffoon crate is a simple buffer library for the Rust Google protocol. a security vulnerability exists in Rust buffoon crate, which stems from the fact that InputStream::read exact can read data from an uninitialized memory location. No details of the vulnerability are currently available...

CVE-2020-36512

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

Memory corruption

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

Rust buffoon crate 安全漏洞

Rust buffoon crate is a simple buffer library for the Rust Google protocol. a security vulnerability exists in Rust buffoon crate, which stems from the fact that InputStream::read exact can read data from an uninitialized memory location. No details of the vulnerability are currently available...

CVE-2020-36512

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

CVE-2020-36512

The CVE-2020-36512 entry concerns the Rust crate buffoon (through 2020-12-31). Affected code path: InputStream::read_exact may read from uninitialized memory, causing undefined behavior and potential memory exposure. Documented in multiple feeds (NVD, Red Hat, OSV, CNVD, etc.) with UB implication...

CVE-2021-32265

An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4MemoryByteStream::WritePartial located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure...

CVE-2018-10790

The AP4CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service application crash, related to a memory allocation failure, as demonstrated by mp2aac...

CVE-2020-23332

A heap-based buffer overflow exists in the AP4StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service DOS...

CVE-2020-21066

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4Dec3Atom::AP4Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service program crash, as demonstrated by mp42aac...

InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

RUSTSEC-2020-0154 InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

Arbitrary File Write

Packwood MPXJ is vulnerable to arbitrary file write. The vulnerability exists because it does not properly validate the path from inputStream, leading to the writing of files outside of the target directory...

Red Hat Keycloak Input Validation Error Vulnerability (CNVD-2020-41186)

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An input validation error vulnerability exists in ObjectInputStream in Red Hat Keycloak versions prior to 11.0.0, which stems from the program...

CVE-2019-20090

An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp...

CVE-2019-17528

An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4Processor::ProcessFragments in Core/Ap4Processor.cpp...

CVE-2019-17453

Bento4 1.5.1.0 has a NULL pointer dereference in AP4DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact...