CVE-2023-45662 Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image

stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVE-2023-45662

stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVE-2023-45661

stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVE-2023-45661 Wild address read in stbi__gif_load_next in stb_image

stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVE-2023-45661

stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVE-2023-45661

CVE-2023-45661 affects the stb_image single-file library (stb_image.h). The vulnerability is an out-of-bounds memcpy read in stbi__gif_load_next caused by two_back pointing before the buffer start, which may leak internal memory allocation information. Public docs mention this issue (Astra Linux,...

OESA-2023-1719 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input...

memcpy-param-overlap in MP4Box

Description memcpy-param-overlap in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 32mDashe...

OSV-2023-874 Memcpy-param-overlap in bit_u_expand

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62461 Crash type: Memcpy-param-overlap Crash state: bituexpand bitTVtoutf8 dwgdecodeheadervariables...

The vulnerability of the _TIFFmemcpy function in the libtiff library, which allows a hacker to cause a service failure

The vulnerability of the TIFFmemcpy function in the libtiff library is related to writing beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

OSV-2023-798 Memcpy-param-overlap in repeat

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62081 Crash type: Memcpy-param-overlap Crash state: repeat repeat pere...

PT-2023-35997 · Git +1 · Clamav

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash was reported due to a Memcpy-param-overlap issue. The crash state includes repeat, repeat, and p ere. No information is available about the estimated number of potentially...

Buffer Overflow

libzephyr.so is vulnerable to Buffer Overflows. The vulnerability exists in the memcpy function at usbdcnativeposix.c due to not properly handling the buffer size, which allows an attacker to cause an application crash...

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

Heap overflow

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

CVE-2023-39946 Heap overflow in push_back_helper due to a CDR message

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

x86/Intel: Gather Data Sampling

ISSUE DESCRIPTION A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX GATHER instructions can forward the content of stale vector registers to dependent instructions. The physical register file is a structure competitively shared between sibling...

kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not limited to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This issue could allow a local...