CVE-2021-37600

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic...

SUSE-SU-2021:0669-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow bsc1182066...

CVE-2020-36242

The CVE refers to the Python cryptography package prior to 3.3.2. The issue arises from certain sequences of update() calls when symmetrically encrypting very large (multi-GB) payloads, which can trigger an integer overflow and buffer overflow, as demonstrated by the Fernet class. This affects cr...

CVE-2020-10938

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c...

CVE-2020-10531

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...

CVE-2019-19638

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function loadpnm at frompnm.c, due to an integer overflow...

SUSE-SU-2018:3498-1 Security update for lcms2

This update for lcms2 fixes the following issues: - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. bsc1108813...

Integer overflow

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear...

CVE-2017-15854

The value of fixparam-numchans is received from firmware and if it is too large, an integer overflow can occur in wmaradiochanstatseventhandler for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android usin...

CVE-2017-12101

An exploitable integer overflow exists in the 'modifiermdefcompactinfluences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

CVE-2017-12105

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context...

Debian DSA-3786-1 : vim - security update

Editor spell files passed to the vim Vi IMproved editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

CVE-2016-5159

Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JPEG 2000 data...

cgit -- multiple vulnerabilities

Jason A. Donenfeld reports: Reflected Cross Site Scripting and Header Injection in Mimetype Query String. Stored Cross Site Scripting and Header Injection in Filename Parameter. Integer Overflow resulting in Buffer Overflow...

[SECURITY] [DLA 243-1] libraw security update

Package : libraw Version : 0.9.1-1+deb6u1 CVE ID : CVE-2015-3885 Debian Bug : 786788 This DLA supersedes my wrong announcement using DLA 241-1 CVE-2015-3885: Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a...

CVE-2015-3885

Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a crafted image, which triggers a buffer overflow, related to the len variable...

libvncserver security update

CentOS Errata and Security Advisory CESA-2014:1826 Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...

CVE-2013-4397

Multiple integer overflows in the thread function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long 1 name or 2 link in an archive, which triggers a heap-based buffer overflow...

RedHat Update for ghostscript RHSA-2012:1256-01

Check for the Version of ghostscript OpenVAS Vulnerability Test RedHat Update for ghostscript RHSA-2012:1256-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVE-2012-3418

libpcp in Performance Co-Pilot PCP before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via 1 a PDU with the numcreds field value greater than the number of actual elements to the pmDecodeCreds function in pcreds.c; 2 the string byte number value t...