SUSE CVE-2019-8354

An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow...

SUSE CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a SEGV in the SDL function SDLfreeREAL at stdlib/SDLmalloc.c...

SUSE CVE-2019-14973

TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash...

SUSE CVE-2019-19004

A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image...

SUSE CVE-2020-7105

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked...

SUSE CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...

SUSE CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use...

SUSE CVE-2021-29605

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...

SUSE CVE-2021-33452

An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasmmalloc in nasmlib/alloc.c...

SUSE CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

UBUNTU-CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-1399)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and...

Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2023-1324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : autotrace, autotrace-devel (ALAS-2023-1929)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1929 advisory. Heap-based buffer overflow in the pstoeditsuffixtableinit function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service out-of-bounds write via a crafted...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the validateprotocol function in extensions/autolink.c, which exposes malloc metadata. NOTE: The maintainers believe this is harmless. PoC sh echo "to:[email protected]" | ./src/cmark-gfm -e autolink Remediation...

cmark-gfm 缓冲区错误漏洞

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version with canonical Markdown syntax. A buffer error vulnerability exists in versions prior to cmark-gfm 0.29.0.gfm.7. An attacker can use this vulnerability to read out of bounds to access "malloc"...

CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

Memory corruption

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

CVE-2021-33641

CVE-2021-33641 is a vulnerability in byacc where, during file processing, malloc stores the current line data and, while handling comments, accesses released memory (use-after-free). Multiple connected advisories (EulerOS, Red Hat, Amazon Linux 2023) cite this issue along with CVE-2021-33642, whi...