Lucene search

1716 matches found

Exploit DB
added 2016/05/13 12:0 a.m., 24 views

Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=740 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut --- ==8910==ERROR:...

7.4 AI score
Exploits: 0

0day.today
added 2016/04/26 12:0 a.m., 141 views

libgd 2.1.1 - Signedness Heap Overflow

Exploit for linux platform in category remote exploits Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd...

7.5 CVSS, 7.7 AI score, 0.36974 EPSS
Exploits: 8

exploitpack
added 2016/04/26 12:0 a.m., 53 views

libgd 2.1.1 - Signedness Heap Overflow

libgd 2.1.1 - Signedness Heap Overflow Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may...

7.5 CVSS, 0.2 AI score, 0.36974 EPSS
Exploits: 8

Exploit DB
added 2016/04/26 12:0 a.m., 70 views

libgd 2.1.1 - Signedness Heap Overflow

Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may result in a heap overflow when processi...

9.8 CVSS, 7.7 AI score, 0.36974 EPSS
Exploits: 8

Packet Storm
added 2016/04/21 12:0 a.m., 72 views

libgd 2.1.1 Signedness

Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may result in a heap overflow when processi...

7.5 CVSS, 0.1 AI score, 0.36974 EPSS
Exploits: 8

0day.today
added 2016/04/01 12:0 a.m., 23 views

Android - ih264d_process_intra_mb Memory Corruption

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=523 The attached file causes a crash in ih264d_process_intra_mb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method. The file...

7 AI score
Exploits: 0

Exploit DB
added 2016/04/01 12:0 a.m., 34 views

Google Android - 'ih264d_process_intra_mb' Memory Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=523 The attached file causes a crash in ih264d_process_intra_mb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method. The file crashes with the following stack trace in M: 09-08...

7.4 AI score
Exploits: 0

Mageia
added 2016/03/26 3:7 p.m., 30 views

Updated quagga packages fix security vulnerability

A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked CVE-2016-2342...

8.1 CVSS, 3.1 AI score, 0.1211 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/02/10 12:0 a.m., 31 views

FreeBSD : py-imaging, py-pillow -- Buffer overflow in FLI decoding code (6ea60e00-cf13-11e5-805c-5453ed2e2b49)

The Pillow maintainers report : In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value...

6.5 CVSS, 7.1 AI score, 0.02689 EPSS
Exploits: 0, References: 3

ThreatPost
added 2016/01/27 11:0 a.m., 32 views

Cisco MiniUPnP Stack Smashing Protection Attack

The Internet of Things security challenge is twofold: finding bugs, and more urgent—fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The...

6.8 CVSS, 9.4 AI score, 0.04783 EPSS
Exploits: 1, References: 4

seebug.org
added 2015/12/31 12:0 a.m., 407 views

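Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)

Source: http://drops.wooyun.org/papers/9809 Microsoft Office memory corruption vulnerability 0x01 Vulnerability overview In April of this year Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can craft an RTF document with an embedded docx to carry out the attack. When Word parses a docx document and handles the displacedByCustomXML attribute, it does not validate the customXML object, so other tag objects can be passed in for processing, causing a type confusion that leads to an arbitrary memory write; ultimately, carefully constructed tags and their corresponding attribute values can result in remote arbitrary code execution. According to Microsoft's official MS15-33 security bulletin, this vulnerability affects Office 2007...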

9.3 CVSS, 7.5 AI score, 0.9999 EPSS
Exploits: 12

OSV
added 2015/12/22 7:44 a.m., 6 views

SUSE-SU-2015:2171-2 Security update for gpg2

The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring bsc918089. - CVE-2015-1607: Fixed memcpy with overlapping ranges bsc918090. - bsc955753: Fixed a regression of 'gpg --recv' due to keyserver impor...

5.5 CVSS, 5.6 AI score, 0.02473 EPSS
Exploits: 0, References: 7

0day.today
added 2015/12/16 12:0 a.m., 56 views

Wireshark - memcpy (get_value / dissect_btatt) SIGSEGV

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=653 The following SIGSEGV crash due to an invalid memory write can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...

4.3 CVSS, 5.7 AI score, 0.04407 EPSS
Exploits: 1

exploitpack
added 2015/12/16 12:0 a.m., 18 views

Wireshark - memcpy get_value dissect_btatt SIGSEGV

Wireshark - memcpy get_value dissect_btatt SIGSEGV Source: https://code.google.com/p/google-security-research/issues/detail?id=653 The following SIGSEGV crash due to an invalid memory write can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/12/16 12:0 a.m., 37 views

Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV

Source: https://code.google.com/p/google-security-research/issues/detail?id=653 The following SIGSEGV crash due to an invalid memory write can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2015/12/04 12:0 a.m., 31 views

SUSE SLED11 / SLES11 Security Update : gpg2 (SUSE-SU-2015:2170-1)

This update for gpg2 fixes the following issues : - Fix cve-2015-1606 bsc918089 - Invalid memory read using a garbled keyring - 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled- k.patch - Fix cve-2015-1607 bsc918090 - Memcpy with overlapping ranges -...

5.5 CVSS, 6.3 AI score, 0.02473 EPSS
Exploits: 0, References: 7

OSV
added 2015/12/02 12:47 p.m., 6 views

SUSE-SU-2015:2170-1 Security update for gpg2

This update for gpg2 fixes the following issues: - Fix cve-2015-1606 bsc918089 Invalid memory read using a garbled keyring 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch - Fix cve-2015-1607 bsc918090 Memcpy with overlapping ranges...

5.5 CVSS, 5.6 AI score, 0.02473 EPSS
Exploits: 0, References: 5

OpenVAS
added 2015/11/27 12:0 a.m., 31 views

Mageia: Security Advisory (MGASA-2015-0455)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.8 AI score, 0.134 EPSS
Exploits: 1, References: 6

Mageia
added 2015/11/26 8:47 p.m., 41 views

Updated libsndfile packages fix security vulnerability

Due to a heap overflow in libsndfile, a specially crafted AIFF header can manage index values in order to use memcpy to overwrite memory the heap CVE-2015-7805...

9.3 CVSS, 6.3 AI score, 0.134 EPSS
Exploits: 1, References: 4

Exploit DB
added 2015/11/16 12:0 a.m., 40 views

Kaspersky AntiVirus - '.DEX' File Format Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=529 The attached testcase was found by fuzzing DEX files, and results in a heap overflow with a wild memcpy. Note that Kaspersky catch exceptions and continue execution, so running into unmapped pages doesn't terminate th...

7.4 AI score
Exploits: 0