857 matches found
CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
DEBIAN-CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
ALPINE-CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
CVE-2017-13090
The connected documents confirm CVE-2017-13090 affects wget prior to 1.19.2, due to chunked HTTP processing in retr.c:fd_read_body(). The chunk parser uses strtol() to read chunk lengths but does not validate non-negativity; then reads chunks with MIN(..) and passes a negative length to fd_read()...
CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
UBUNTU-CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
Oracle OIT IX SDK TIFF file parsing heap buffer overflow(CVE-2016-3582)
Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory overwrite and possibly leading to arbitrary code execution. Tested Versions Outside In IX sdk 8.5.1. Product URLs...
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow
Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability(CVE-2017-2374)
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple's GarageBand version 10.1.5. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means. This...
gstreamer: Out of bounds heap read in windows_icon_typefind
The windowsicontypefind function in gst-plugins-base in GStreamer before 1.10.2, when GSLICE is set to always-malloc, allows remote attackers to cause a denial of service out-of-bounds read via a crafted ico file...
cairo cairo-truetype-subset.c file denial of service vulnerability
cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports 2D drawing in multiple contexts and provides high-quality display and printouts. A security vulnerability exists in the cairo-truetype-subset.c file in cai...
CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call...
DEBIAN-CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call...
CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call...
CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call...
PT-2017-19200 · Cairo +3 · Cairo +3
Name of the Vulnerable Software and Affected Versions: cairo versions 1.15.6 and earlier Description: The issue allows remote attackers to cause a denial of service due to an out-of-bounds read. This is because of mishandling of an unexpected malloc0 call in the cairo-truetype-subset.c file...
LibTIFF - 'tif_jbig.c' Denial of Service
Source: http://bugzilla.maptools.org/showbug.cgi?id=2706 Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” The asan debug information is below: $./tiff2ps $POC ================================================================= ==26627==ERROR:...
CVE-2017-9937
In LibTIFF 4.0.8, there is a memory malloc failure in tifjbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack...