1419 matches found
OOB write via unchecked multiplication
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc insize 4 / 3 + 4 On systems with 32-bit addresses in userspace e.g. x86, ARM, x32, the multiplication in the expression wraps around if insize is at least 1GB of data. If this...
[SECURITY] [DLA DLA-647-1] freeimage security update
Package : freeimage Version : 3.15.1-1.1+deb7u1 CVE ID : CVE-2016-5684 Debian Bug : 839827 It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file...
[SECURITY] [DLA DLA-647-1] freeimage security update
Package : freeimage Version : 3.15.1-1.1+deb7u1 CVE ID : CVE-2016-5684 Debian Bug : 839827 It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file...
DLA-647-1 freeimage - security update
Bulletin has no description...
FreeImage Library XMP Image Handling Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...
ALPINE-CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation...
Design/Logic Flaw
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
ps-inject - Inject Shellcode on Linux PID
Inject shellcode on linux PID How use: $ make gcc -Wall -Wextra -O3 -c -o lib/file.o src/file.c gcc -Wall -Wextra -O3 -c -o lib/str.o src/str.c gcc -Wall -Wextra -O3 -c -o lib/mem.o src/mem.c gcc -Wall -Wextra -O3 -c -o lib/inject.o src/inject.c gcc -Wall -Wextra -O3 -c -o lib/main.o src/main.c g...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
Oracle OIT ContentAccess libvs_mwkd VwStreamSection Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0159 Oracle OIT ContentAccess libvsmwkd VwStreamSection Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3593 Description A partially controlled memory corruption vulnerability exists in Mac Works Database file format parsing code of Oracle...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...
Unspecified vulnerability in libarchive CAB parser
libarchive is a multi-format archive and compression library. An unspecified vulnerability exists in libarchive's CAB parser. An attacker could exploit this vulnerability to cause a memory overwrite...
Debian DLA-493-1 : openafs security update
CVE-2015-8312: Off-by-one error in afspioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service memory overwrite and system crash via a pioctl with an input buffer size of 4096 bytes. - CVE-2016-2860: The newEntry function in ptserver/ptprocs.c in OpenAFS before...
DLA-493-1 openafs - security update
Bulletin has no description...
CVE-2016-1887
Integer signedness error in the sockargs function in sys/kern/uipcsyscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service memory overwrite and kernel panic or gain privileges via a negative buflen argument, which triggers a...
CVE-2016-1887
Integer signedness error in the sockargs function in sys/kern/uipcsyscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service memory overwrite and kernel panic or gain privileges via a negative buflen argument, which triggers a...