php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used

The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...

php: Memory Leakage In exif_process_IFD_in_TIFF

The exifprocessIFDinTIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image...

UBUNTU-CVE-2016-9104

Multiple integer overflows in the 1 v9fsxattrread and 2 v9fsxattrwrite functions in hw/9pfs/9p.c in QEMU aka Quick Emulator allow local guest OS administrators to cause a denial of service QEMU process crash via a crafted offset, which triggers an out-of-bounds access...

Linux kernel 4.6.2 - IP6T_SO_SET_REPLACE Privilege Escalation

Exploit for linux platform in category local exploits Exploit Title: Linux kernel = 4.6.2 - Local Privileges Escalation via IP6TSOSETREPLACE compat setsockopt call Date: 2016.10.8 Exploit Author: Qian email protected Qihoo 360 Version: Linux kernel = 4.6.2 Tested on: Ubuntu 16.04.1 LTS Linux...

CVE-2016-5273

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site...

UBUNTU-CVE-2016-5273

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site...

DEBIAN-CVE-2015-8923

The processextra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service crash via a crafted zip file...

kernel: netfilter: missing bounds check in ipt_entry structure

A security flaw was found in the Linux kernel in the marksourcechains function in "net/ipv4/netfilter/iptables.c". It is possible for a user-supplied "iptentry" structure to have a large "nextoffset" field. This field is not bounds checked prior to writing to a counter value at the supplied offse...

kernel: netfilter: missing bounds check in ipt_entry structure

A security flaw was found in the Linux kernel in the marksourcechains function in "net/ipv4/netfilter/iptables.c". It is possible for a user-supplied "iptentry" structure to have a large "nextoffset" field. This field is not bounds checked prior to writing to a counter value at the supplied offse...

UBUNTU-CVE-2016-7128

The exifprocessIFDinTIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image...

DEBIAN-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

Wireshark WBXML Dissector Denial of Service Vulnerability (Aug 2016) - Windows

Wireshark is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark";...

UBUNTU-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

CVE-2016-5350

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

CVE-2016-5359

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service integer overflow and infinite loop via a crafted packet...

UBUNTU-CVE-2016-5350

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

UBUNTU-CVE-2016-5359

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service integer overflow and infinite loop via a crafted packet...

Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - WSP Dissector Denial of Service

Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - WSP Dissector Denial of Service Sample generated with AFL Build Information: TShark Wireshark 2.0.4 Copyright 1998-2016 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions...

CVE-2016-2506

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...