Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the MakeTable in the decompression routine when bit-length values from a crafted firmware blob exceed the expected range, leading to stack memory corruption in the Count array and related decode tables. An...

Important: edk2

Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...

edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function

REJECTED CVE A stack-based buffer overflow vulnerability was identified in EDK-2 within the MakeTable function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to...

libreoffice/htmlfuzzer: Bad-cast to SwTable from invalid vptr in HTMLTable::MakeTable

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=4587072460423168 Project: libreoffice Fuzzer: libFuzzerlibreofficehtmlfuzzer Fuzz target binary: htmlfuzzer Job Type: libfuzzerubsanlibreoffice Platform Id: linux Crash Type: Bad-cast Crash...