841 matches found
ROS-20221025-01
A vulnerability in the specialized shapelib library is related to a double memory release in the contrib/shpsort.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or other unspecified impact by controlling malloc...
AZL-28599 CVE-2022-0699 affecting package shapelib for versions less than 1.5.0-3
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
DEBIAN-CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
Double free
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
CVE-2022-0699
The CVE-2022-0699 issue affects shapelib (library for ESRI Shapefiles) up to and including version 1.5.0. A double-free in contrib/shpsort.c can lead to denial of service or other unspecified impact via controlled malloc. Multiple connected advisories confirm fixes or mitigations in various distr...
CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2310)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an...
AlmaLinux 8 : curl (ALSA-2022:6159)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6159 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different...
Oracle Linux 9 : curl (ELSA-2022-6157)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6157 advisory. - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding descripti...
SUSE SLES15 Security Update : curl (SUSE-SU-2022:2829-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2829-1 advisory. - libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate...
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink causing an out-of-bounds read.
...
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname causing an out-of-bounds read.
...
PNGDec 安全漏洞
PNGDec is an Arduino PNG image decoder library from the individual developer Larry Bank. A security vulnerability exists in PNGDec, which stems from a memory allocation issue in asanmalloclinux.cpp...
PT-2022-24246 · Samsung · Samsung Mtower
Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue allows a trusted application to achieve excessive memory allocation via a large len value, potentially leading to a kernel crash, as demonstrated by a Numaker-PFM-M2351 TEE kern...
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulongname, causing an out-of-bounds read...
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulongname, causing an out-of-bounds read...