Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Exploit

We have encountered a Windows kernel crash in memcpy called by nt!MiRelocateImage while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug i...

PYSEC-2019-239

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

UBUNTU-CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...

VideoLAN VLC avcodec Denial of Service Vulnerability

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework developed by the French organization VideoLAN. The product supports the playback of a variety of media files, CD-ROMs, etc., a variety of audio and video formats WMV, MP3, etc., etc...

FreeBSD : py-imaging, py-pillow -- Buffer overflow in FLI decoding code (6ea60e00-cf13-11e5-805c-5453ed2e2b49)

The Pillow maintainers report : In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value...

CVE-2003-0967

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...