GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1823 GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-38657 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially craft...

GTKWave LXT2 lxt2_rd_get_facname decompression out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2023-1826 GTKWave LXT2 lxt2rdgetfacname decompression out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-39443,CVE-2023-39444 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A...

GTKWave VZT vzt_rd_get_facname decompression out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2023-1813 GTKWave VZT vztrdgetfacname decompression out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-38649,CVE-2023-38648 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdgetfacname decompression functionality of...

GTKWave VZT LZMA_Read dmem extraction out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1810 GTKWave VZT LZMARead dmem extraction out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-37282 SUMMARY An out-of-bounds write vulnerability exists in the VZT LZMARead dmem extraction functionality of GTKWave 3.3.115. A specially crafted...

GTKWave VZT LZMA_read_varint out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1811 GTKWave VZT LZMAreadvarint out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-36861 SUMMARY An out-of-bounds write vulnerability exists in the VZT LZMAreadvarint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead ...

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The software of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server is vulnerable. This vulnerability allows attackers to access protected information or cause service failures.

The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the exposure of operations outside of the buffer in memory. Exploiting the...

CVE-2023-6931

A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This may lead to a system crash, code execution, or local privilege escalation. Mitigation It...

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing a hacker to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current user...

The vulnerability of the MPI process tracing tools Intel Trace Analyzer and Collector lies in the possibility of an operation being executed outside the buffer in memory, allowing a hacker to exploit this privilege.

The vulnerability of the MPI process tracing tools Intel Trace Analyzer and Collector lies in the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Adobe After Effects’ video and dynamic image editing software relates to reading beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code in the context of the current user...

CVE-2023-28587 Improper Restriction of Operations within the Bounds of a Memory Buffer in BT Controller

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level...

CVE-2023-28550 Improper Restriction of Operations within the Bounds of a Memory Buffer in MPP Performance

Memory corruption in MPP performance while accessing DSM watermark using external memory address...

CVE-2023-21634 Improper Restriction of Operations within the Bounds of a Memory Buffer in Radio Interface Layer

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM...

CVE-2023-48697

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

Buffer overflow

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...

CVE-2023-48697

CVE-2023-48697 concerns Azure RTOS USBX, a USB host/device stack. Vulnerabilities stem from memory buffer and pointer handling in RTOS v6.2.1 and earlier, affecting components such as pictbridge/host class and related PIMA, storage, CDC ACM, ECM, audio, and hub functionality. This can lead to rem...