QEMU 资源管理错误漏洞

QEMU is a suite of analog processor software from the French individual developer Fabrice Bellard. The software is fast and cross-platform. QEMU suffers from a memory misreference vulnerability that stems from a confusion in the instructions responsible for freeing memory in the e1000e NIC...

SUSE CVE-2023-26965

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

Important: kernel-livepatch-6.1.19-30.43

Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. CVE-2022-48425 An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failu...

CVE-2023-29575

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component...

Design/Logic Flaw

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component...

CVE-2023-29575

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component...

CVE-2023-29575

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component...

Design/Logic Flaw

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component...

CVE-2023-29573

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component...

CVE-2023-29573

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component...

CVE-2023-29573

CVE-2023-29573 concerns Bento4 v1.6.0-639 with an out-of-memory bug in the mp4info component. The connected sources confirm the description across multiple feeds (Red Hat, NVD, OSV, etc.). The documents do not provide a remediation or fixed version. Metrics indicate a LOCAL attack vector, LOW att...

CVE-2023-29574

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component...

CVE-2023-29574

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component...

CVE-2023-29574

CVE-2023-29574 affects Bento4 v1.6.0-639, where the mp42avc component contains an out-of-memory bug. Multiple sources (CNVD/CNNVD/Red Hat and others) describe this as a denial-of-service risk due to memory exhaustion. The CVSS shows a Medium base score (5.5) with LOCAL attack vector, low attack c...

PYSEC-2023-56

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

PT-2023-21558 · Opensips · Opensis

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.7 OpenSIPS versions prior to 3.2.4 Description: OpenSIPS is a Session Initiation Protocol SIP server implementation. A specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected w...

SUSE CVE-2012-3437

The Magickpngmalloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service crash via a crafted PNG file that triggers incorrect memory allocation...

SUSE CVE-2017-5119

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

SUSE CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird...

SUSE CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...