36 matches found
CVE-2017-17426
The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...
CVE-2017-17426
The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...
Integer overflow
The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...
CVE-2017-17426
The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...
CVE-2017-17426
The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...
CVE-2017-17426
CVE-2017-17426 affects the GNU C Library (glibc/libc6) up to version 2.26. The heap overflow arises from an integer overflow check missing in the per-thread cache (tcache) path when allocating an object near SIZE_MAX, potentially allowing code execution. Exploitation details are not provided in t...
Microsoft Edge Chakra JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheckIR::Instr const instr ... ifrightOpnd-IsIntConstOpnd IntConstType newOffset; if!IntConstMath::Addoffset,...
Microsoft Edge Chakra: JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check
Microsoft Edge Chakra: JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheckIR::Instr const instr ... ifrightOpnd-IsIntConstOpnd IntConstType newOffset;...
Ubuntu 14.04 LTS / 16.04 LTS : Ghostscript vulnerabilities (USN-3403-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3403-1 advisory. Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service...
USN-3403-1: Ghostscript vulnerabilities
Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. CVE-2017-11714 Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted...
Failed integer overflow check leads to heap overflow in driver /dev/qce (CVE-2016-3935)
No description provided by source. https://github.com/jiayy/androidvulnpoc-exp/tree/master/EXP-CVE-2016-3935...
CVE-2017-9835
The gsallocrefarray function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer...
CVE-2017-9835
The gsallocrefarray function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer...
CVE-2017-9835
The gsallocrefarray function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer...
Internet Bug Bounty: Unsafe arithmetic in PyString_DecodeEscape
I have submitted a vulnerability that has now been fixed. The report includes a proof of concept that demonstrates reliable heap corruption through integer overflow. I also submitted a patch which was accepted and merged. https://bugs.python.org/issue30657 --- In Python 2.7, there is a possible...
CentOS Update for kernel CESA-2010:0936 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...