15 matches found
SUSE CVE-2026-43092
In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind. AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a...
OSV-2024-861 UNKNOWN READ in chunk_free_object
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42537801 Crash type: UNKNOWN READ Crash state: chunk_free_object gs_memory_chunk_unwrap gs_j_mem_term...
PT-2024-40866 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as chunk_free_object, gs_memory_chunk_unwrap, and gs_j_mem...
CVE-2024-41009
An out-of-bounds memory access flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to crash the system. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of...
CVE-2024-41009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf. The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
OSV-2024-496 UNKNOWN READ in chunk_free_object
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68460 Crash type: UNKNOWN READ Crash state: chunk_free_object gs_memory_chunk_unwrap gs_j_mem_term...
PT-2024-40783 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ, with a crash state involving functions such as chunk_free_object, gs_memory_chunk_unwrap, and gs_j...
Integer Overflow
qemu is vulnerable to integer overflow. qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga aka QEMU Guest Agent has an integer overflow causing a g_malloc0 call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploite...
CVE-2018-12617
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga aka QEMU Guest Agent in QEMU 2.12.50 has an integer overflow causing a g_malloc0 call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted Q...
Mail.ru: Gain access to random information via group chat "about" property
Vulnerability based on unfiltered size of data in "about" field. In case when data length stored in "about" field is more than 2^16, for example payload is 65537"A", server will return payload with additional suffix with random information. The size of the suffix increases with the size of the payload...
Libmimedir VCF Memory Corruption Proof Of Concept
!/usr/bin/python libmimedir-free.py Libmimedir VCF Memory Corruption PoC CVE-2015-3205 Jeremy Brown jbrown3264/gmail June 2015 -Synopsis- Adding two NULL bytes to the end of a VCF file allows a user to manipulate free calls which occur during its lexer's memory clean-up procedure. This could lea...
Libmimedir VCF Memory Corruption PoC
Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow f...
Integer overflow
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected...
Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability
Core Security - CoreLabs: Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability 1. Advisory Information Title: Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability Advisory Id: CORE-2010-0701 Advisory URL:...
FreeBSD-SA-03:11.sendmail
FreeBSD-SA-03:11.sendmail Security Advisory The FreeBSD Project Topic: sendmail DNS map problem Category: contrib Module: contrib_sendmail Announced: 2003-08-26 Credits: Oleg...