Gnome Fonts Viewer 3.34.0 - Heap Corruption Exploit

!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take a few tries. Too...

Denial Of Service (DoS)

libraw is vulnerable to denial of service DoS. The vulnerability exists due to lacks of a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating...

CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength...

CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength...

DEBIAN-CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength...

CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength...

EulerOS Virtualization 3.0.6.0 : cairo (EulerOS-SA-2020-1735)

According to the version of the cairo packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because o...

glibc security, bug fix, and enhancement update

2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

CVE-2018-18483

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as demonstrated by...

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller than requested, eventually...

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked CVE-2020-7105...

DEBIAN-CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...

CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...

CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...

EulerOS 2.0 SP8 : binutils (EulerOS-SA-2020-1142)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerabili...

Socat 1.7.3.4 - Heap-Based Overflow (PoC)

Exploit Title: Socat 1.7.3.4 - Heap Based Overflow PoC Date: 2020-02-03 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: http://www.dest-unreach.org/ Software Link: http://www.dest-unreach.org/socat/ Version: 1.7.3.4 Tested on: Ubuntu 16.04.6 LTS CVE : Heap-Based Overflow due to...

Debian: Security Advisory (DLA-2083-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2083-1 : hiredis security update

It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library. For Debian 8 'Jessie', these issue have been fixed in hiredis version 0.11.0-4+deb8u1. We recommend that you upgrade yo...

[SECURITY] [DLA 2083-1] hiredis security update

Package : hiredis Version : 0.11.0-4+deb8u1 CVE ID : CVE-2020-7105 Debian Bug : 949995 It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library. For Debian 8 "Jessie", these iss...

DEBIAN-CVE-2014-9628

The MP4ReadBoxString function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7...