PT-2024-10422

Name of the Vulnerable Software and Affected Versions FFmpeg version 6.1.1 Description The issue is related to an integer overflow vulnerability in the parse options function of sbgdec.c within the libavformat module. This vulnerability allows for negative duration values to be accepted without...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

CVE-2023-43536 Buffer Over-read in WLAN Firmware

Transient DOS while parse fils IE with length equal to 1...

avahi: Reachable assertion in avahi_rdata_parse

A vulnerability was found in Avahi. A reachable assertion exists in the avahirdataparse function...

AZL-33937 CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

PT-2024-13312 · Gnome · Gnome Gtk

Name of the Vulnerable Software and Affected Versions: Gnome GTK affected versions not specified Description: The issue is related to a null pointer dereference in Gnome GTK, specifically via the parse settings function at xsettings-client.c. Recommendations: At the moment, there is no informatio...

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

c-ares: Heap buffer over read in ares_parse_soa_reply

A heap buffer over-read flaw was found in c-ares via the aresparsesoareply function in aresparsesoareply.c...

OSV-2024-25 Stack-buffer-overflow in icu_75::PluralRuleParser::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65873 Crash type: Stack-buffer-overflow WRITE 1 Crash state: icu75::PluralRuleParser::parse icu75::PluralRules::createRules plurrulefuzzer.cpp...

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

UBUNTU-CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

OSV-2024-18 Heap-use-after-free in QPDF::read_xref

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65777 Crash type: Heap-use-after-free READ 8 Crash state: QPDF::readxref QPDF::reconstructxref QPDF::parse...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the swftools/src/swfc.c:2587 page that fails to correctly validate the length of the input data, and can be...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the src/swfc.c:2602 page that fails to properly validate the length of the input data, and can be exploited...

Out-of-bounds

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the noxxe option of XML::Twig...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the jsonParseAddNodeArray function in sqlite3.c file. An attacker can potentially lead to a denial of service by passing specially crafted malicious input to the application. Remediation Upgrade sqlite3 to version...

PT-2024-4460 · Go +9 · Netmail +9

Name of the Vulnerable Software and Affected Versions: net/mail package in Go affected versions not specified Description: The issue is related to the ParseAddressList function, which incorrectly handles comments within display names. This can lead to different trust decisions being made by...

The vulnerability of the Spreadsheet::ParseExcel library in email security gateways of the Barracuda Email Security Gateway Appliance, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of the Spreadsheet::ParseExcel library, a microprogramming solution for email security gateways like Barracuda Email Security Gateway Appliance, is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

Medium: ntp

Issue Overview: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. CVE-2023-26552 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an...