CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

UBUNTU-CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure

Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...

Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1275 We have discovered that the nt!NtGdiGetFontResourceInfoInternalW system call discloses portions of uninitialized kernel stack memory to user-mode clients. This is caused by...

Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure

Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1276&desc=2 We have discovered that the nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mo...

CVE-2015-9067

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset is addressed...

CVE-2015-9067

CVE-2015-9067 concerns Qualcomm products with Android CAF builds using the Linux kernel. The description indicates a potential compiler optimization of memset() that is addressed in these releases. The connected documents do not provide concrete technical details such as affected versions, exact ...

CVE-2015-9067

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset is addressed...

Memory Corruption And Code Execution

MuPDF is vulnerable to memory corruption and possible code execution through the JBIG2 parser. It is possible for attackers to pass a PDF to a user to cause the application to pass memset a negative number. This flaw causes memory corruption and potentially code execution as well...

CVE-2016-6264

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service crash via a negative length value to the memset function...

Integer overflow

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service crash via a negative length value to the memset function...

DEBIAN-CVE-2016-6264

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service crash via a negative length value to the memset function...

Android - ih264d_process_intra_mb Memory Corruption

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=523 The attached file causes a crash in ih264dprocessintramb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method. The file...

Google Android - 'ih264d_process_intra_mb' Memory Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=523 The attached file causes a crash in ih264dprocessintramb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method. The file crashes with the following stack trace in M: 09-08...

Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes)

/--------------------------------------------------------------------------------------------------------------------- / Title: tcp reverse shell with password polymorphic version 122 bytes Author: Sathish kumar Contact: https://www.linkedin.com/in/sathish94 Copyright: c 2016 iQube. http://iQube....

Adobe Flash BlurFilter Processing - Out-of-Bounds Memset

Source: https://code.google.com/p/google-security-research/issues/detail?id=627 The attached swf file causes an out-of-bounds memset in BlurFilter processing. Note that Chrome aborts when processing the swf Proof of Concept:...

Adobe Flash BlurFilter Processing - Out-of-Bounds Memset

Adobe Flash BlurFilter Processing - Out-of-Bounds Memset Source: https://code.google.com/p/google-security-research/issues/detail?id=627 The attached swf file causes an out-of-bounds memset in BlurFilter processing. Note that Chrome aborts when processing the swf Proof of Concept:...

Adobe Flash BlurFilter Processing - Out-of-Bounds Memset

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=627 The attached swf file causes an out-of-bounds memset in BlurFilter processing. Note that Chrome aborts when processing the swf Proof of Concept:...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1...