857 matches found

OSV · added 2018/10/18 9:29 p.m. · 0 views

UBUNTU-CVE-2018-18483

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by...

CVSS 7.8 · AI score 7 · EPSS 0.02373
Exploits 1 · References 5

NVD · added 2018/09/22 4:29 p.m. · 13 views

CVE-2018-17332

An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svgstring.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls...

CVSS 7.5 · AI score 7.5 · EPSS 0.01162
Exploits 1 · References 1

OSV · added 2018/09/22 4:29 p.m. · 2 views

CVE-2018-17332

An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svgstring.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1

NVD · added 2018/08/22 9:29 p.m. · 19 views

CVE-2017-2575

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG...

CVSS 6.5 · AI score 6.4 · EPSS 0.01464
Exploits 0 · References 3

CVE · added 2018/08/22 9:0 p.m. · 47 views

CVE-2017-2575

CVE-2017-2575 affects the libbpg 0.9.7 BPG encoder. The issue is a NULL pointer dereference caused by a missing check of the return value from malloc during conversion of a malicious JPEG file to BPG. This is a code-path vulnerability in the encoder that can lead to a crash when parsing crafted i...

CVSS 6.5 · AI score 6.4 · EPSS 0.01464
Exploits 0 · References 3 · Affected Software 1

CNVD · added 2018/07/18 12:0 a.m. · 2 views

Google gperftools memory leak vulnerability

Google gperftools is an implementation of malloc that includes performance analysis tools such as heap checker, heap analyzer and CPU analyzer. A memory disclosure vulnerability exists in the malloc_extension.cc file in Google gperftools version 2.7. An attacker could exploit this vulnerability to...

CVSS 7.5 · AI score 7.1 · EPSS 0.01527
Exploits 0 · References 1

OSV · added 2018/07/07 5:29 p.m. · 3 views

DEBIAN-CVE-2018-13420

Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program...

CVSS 7.5 · AI score 6.9 · EPSS 0.01527
Exploits 0 · References 1

OSV · added 2018/07/07 5:29 p.m. · 5 views

AZL-6453 CVE-2018-13420 affecting package gperftools for versions less than 2.7-4

Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program...

CVSS 7.5 · AI score 7.1 · EPSS 0.01527
Exploits 0 · References 1

Cvelist · added 2018/07/07 5:0 p.m. · 21 views

CVE-2018-13420

Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program...

AI score 7.2 · EPSS 0.01527
Exploits 0 · References 1

Positive Technologies · added 2018/07/07 12:0 a.m. · 5 views

PT-2018-11815 · Google +2 · Gperftools +2

Name of the Vulnerable Software and Affected Versions: Google gperftools version 2.7. Description: The issue is related to a memory leak in malloc_extension.cc, specifically involving MallocExtension::Register and InitModule. However, the software maintainer disputes this, stating it is a...

CVSS 7.5 · AI score 7.5 · EPSS 0.01527
Exploits 0 · References 12

exploitpack · added 2018/05/28 12:0 a.m. · 23 views

Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)

Sony Playstation 4 PS4 5.1 - Kernel PoC log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x10000+sz4...

AI score 7.4
Exploits 0

Kitploit · added 2018/05/19 2:1 p.m. · 18 views

Heap Viewer - An IDA Pro Plugin To Examine The Glibc Heap, Focused On Exploit Development

An IDA Pro plugin for now to examine the heap, focused on exploit development. Currently only supports glibc malloc ptmalloc2. Requirements IDA Pro = 6.9 Tested on glibc = 2.26 GraphView for linked lists bins/tcache Magic utils: Unlink merge info Fake fastbin finder House of force helper Useful...

AI score 7.3
Exploits 0 · References 1

AlpineLinux · added 2018/04/29 3:0 p.m. · 33 views

CVE-2018-10538

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy...

CVSS 5.5 · AI score 6.1 · EPSS 0.01631
Exploits 1

Oracle linux · added 2018/04/18 12:0 a.m. · 111 views

glibc security update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

CVSS 9.8 · AI score 0.2 · EPSS 0.13614
Exploits 12

Tenable Nessus · added 2018/04/18 12:0 a.m. · 43 views

Amazon Linux 2 : glibc (ALAS-2018-992)

Integer overflow in malloc functions: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that i...

CVSS 9.8 · AI score 7.3 · EPSS 0.04778
Exploits 0 · References 3

Amazon · added 2018/04/05 12:0 a.m. · 32 views

Medium: glibc

Issue Overview: Integer overflow in malloc functions: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a hea...

CVSS 9.8 · AI score 8.6 · EPSS 0.04778
Exploits 0

BDU FSTEC · added 2018/03/16 12:0 a.m. · 3 views

The vulnerability in the implementation of the malloc function in the library that handles system calls and core functions of glibc allows an attacker to trigger a service failure.

The vulnerability in the implementation of the malloc function in libraries that handle system calls and core functions of glibc arises from operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 7.5 · AI score 8 · EPSS 0.02231
Exploits 0 · References 7

NVD · added 2018/03/09 5:29 p.m. · 22 views

CVE-2017-17148

Huawei DP300 V500R002C00 has a DoS vulnerability due to the lack of validation when malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which results in DoS attacks...

CVSS 5.5 · AI score 5.9 · EPSS 0.00194
Exploits 0 · References 1

Prion · added 2018/03/09 5:29 p.m. · 22 views

Design/Logic Flaw

Huawei DP300 V500R002C00 has a DoS vulnerability due to the lack of validation when malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which results in DoS attacks...

CVSS 4.9 · AI score 5.8 · EPSS 0.00194
Exploits 0 · References 1 · Affected Software 1

CVE · added 2018/03/09 5:0 p.m. · 48 views

CVE-2017-17148

Summary: CVE-2017-17148 affects Huawei DP300 V500R002C00. The issue is a DoS caused by lack of validation when malloc is called during XML parsing; an authenticated local attacker can craft specific XML files to trigger parsing and cause a denial of service. This is a local, low-privilege vector ...

CVSS 5.5 · AI score 5.2 · EPSS 0.00194
Exploits 0 · References 1 · Affected Software 1