857 matches found
BIT-TENSORFLOW-2021-29605 Integer overflow in TFLite memory allocation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...
Advisory ROSA-SA-2024-2336
software: hiredis 0.13.3 AXIS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. Whe...
glibc qsort() Out-Of-Bounds Read / Write Exploit
Qualys discovered a memory corruption in the glibc's qsort function, due to a missing bounds check. To be vulnerable, a program must call qsort with a nontransitive comparison function a function cmpint a, int b that returns a - b, for example and with a large number of attacker-controlled elemen...
glibc syslog() Heap-Based Buffer Overflow Exploit
Qualys discovered a heap-based buffer overflow in the GNU C Library's vsysloginternal function, which is called by both syslog and vsyslog. This vulnerability was introduced in glibc 2.37 in August 2022. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog...
Chrome 121 Javascript Fork Malloc Bomb
Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and about one in five runs the virtual machine freezes. SIGILL almost always is a sign of memory corruption : On android it...
Stack Buffer Underflow
libespeak-ng.so is vulnerable to Stack Buffer Underflow. The vulnerability is caused by a lack of validation for the length parameter before its passed to malloc. An attacker can exploit this by providing an excessively small or manipulated value that could potentially lead to a buffer underflow...
Medium: virtuoso-opensource
Issue Overview: An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements. CVE-2023-31607 An issue in the dfeunitcolloci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Deni...
PT-2023-9358 · FFmpeg +4 · Ffmpeg +4
Name of the Vulnerable Software and Affected Versions: Ffmpeg version v.n6.1-3-g466799d4f5 Description: The issue is related to a buffer overflow in the av malloc function, located in the libavutil/mem.c component of the Ffmpeg library. This buffer overflow is caused by copying without checking t...
CVE-2021-27504
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution...
CVE-2021-27502
Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...
CVE-2021-27504
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution...
CVE-2021-27502
Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...
Integer overflow
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution...
CVE-2021-27504 Texas Instruments FREERTOS Integer Overflow or Wraparound
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution...
CVE-2021-22636
Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...
CVE-2021-22636
Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...
CVE-2021-22636
CVE-2021-22636 involves Texas Instruments TI-RTOS where, when using the HeapMem heap, malloc can return a pointer to a small buffer for extremely large values, triggering an integer overflow in HeapMem_allocUnprotected and potentially enabling code execution. Connected documents corroborate the T...
SUSE CVE-2023-45676
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...
Out-of-Bounds Write
Overview Affected versions of this package are vulnerable to Out-of-Bounds Write in the f-vendori = get8packetf; function. An attacker can trigger an out-of-bounds write and potentially execute arbitrary code by providing a crafted file. This is due to an integer overflow in setupmalloc where a...
DEBIAN-CVE-2023-45676
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...