Buffer overflow

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-14038

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-14038

CVE-2019-14038 is a buffer over-read in the ADSP parse function caused by a missing check for sufficient data payload in a Qualcomm Snapdragon ADSP command response. Affected are Snapdragon products across multiple lines (Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, We...

GHSA-RC77-XXQ6-4MFF Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

Command Injection

Overview Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary...

CVE-2019-16277

PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c...

Xpdf out-of-bounds read vulnerability (CNVD-2019-26662)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An out-of-bounds read vulnerability exists in the GfxPatchMeshShading::parse function in GfxState.cc in Xpdf 4.01.01. An attacker can exploit this vulnerability to cause a denial of...

CVE-2019-14293

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2...

CVE-2019-14290

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2...

Mongoose Buffer Overflow Vulnerability

Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features such as TCP, HTTP client and server, WenSocket client and server. A buffer overflow vulnerability exists in the 'parsemqtt' function of the mgmqtt.c file in Cesanta Mongoose versions pri...

CVE-2018-9576

In impdparseparametricdrcinstructions of impddrcstaticpayload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

PT-2018-14218 · Google · Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html through 2018-09-25 Description: The issue arises from the mishandling of specific HTML tags, such as , which can cause an infinite loop during an html.Parse call. This occurs because inSelectIM and inSelectInTableI...

PT-2018-14219 · Google · Html Package

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" index out of range in nodeStack.pop or...

DEBIAN-CVE-2018-16428

In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference...

CVE-2018-14448

Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav...

Toppydo Input Validation Vulnerability

topdo is a to-do list management application. An input validation vulnerability exists in the 'ListFormatParser::parse' function in the topdo/lib/ListFormat.py file in topdo. The vulnerability can be exploited to inject arbitrary bytes into the endpoint with the help of a todo.txt file with one o...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

CVE-2017-13279

In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0,...

Code injection

Netwide Assembler NASM 2.13.02rc2 has a buffer over-read in the parseline function in asm/parser.c via uncontrolled access to nasmregflags...