CVE-2016-3935

Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999665 and Qualcomm...

CVE-2016-3901

CVE-2016-3901 affects the Qualcomm cryptographic engine driver (drivers/crypto/msm/qcedev.c) in Android. It describes multiple integer overflows that enable a local privilege escalation via a crafted application on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices. Root cause is integer overfl...

CVE-2016-3935

Concretely documented vulnerability: CVE-2016-3935 is an integer-overflow flaw in the Qualcomm cryptographic engine driver (drivers/crypto/msm/qcedev.c) that affects Android on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices. Root cause is multiple integer overflows in qcedev.c, which can en...

FreeBSD -- Heap overflow vulnerability in bspatch

Problem Description: The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but som...

FreeBSD-SA-16:29.bspatch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:29.bspatch Security Advisory The FreeBSD Project Topic: Heap overflow vulnerability in bspatch Category: core Module: bsdiff Announced: 2016-10-10 Affects:...

CVE-2016-7167

Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

CVE-2016-7167

Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

CVE-2016-7167

Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

CVE-2016-7167

Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

OpenSSL 1.0.1 < 1.0.1u / 1.0.2 < 1.0.2i Multiple Vulnerabilities

Binary data 9625.prm...

CVE-2016-7945

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service out-of-bounds memory access or infinite loop via vectors involving length fields...

CVE-2016-7947

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response...

CVE-2016-3945

Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write...

CVE-2016-3945

Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write...

CVE-2016-3945

Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write...

CVE-2015-8931

Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...

CVE-2015-8931

CVE-2015-8931 involves multiple integer overflows in libarchive’s mtree support. The vulnerability arises in archive_read_support_format_mtree.c (mtree parser) in libarchive before 3.2.0, potentially allowing a remote attacker to trigger undefined behavior via a crafted mtree file. Connected advi...

CVE-2015-8931

Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...

CVE-2015-8931

Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...

cURL -- Escape and unescape integer overflows

The cURL project reports The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...