CVE-2022-23400

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An...

UBUNTU-CVE-2022-1475

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

FFmpeg 输入验证错误漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. FFmpeg suffers from an integer overflow vulnerability that stems from a failure to properly validate data length in the g729parse function when processing specially crafted files. An attack...

DEBIAN-CVE-2022-1534

Buffer Over-read at parserawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash...

Libmobi 缓冲区错误漏洞

Libmobi is a C library . It is used to process Mobipocket/Kindle MOBI e-book format documents. A security vulnerability in parserawml.c:1416 in the GitHub library Libmobi before 0.11, which stems from a buffer error, can be exploited by an attacker to read sensitive information or cause a crash...

PT-2022-6744 · Unknown +5 · Protobuf-C +5

Name of the Vulnerable Software and Affected Versions: Protobuf-c version 1.4.0 Description: The issue is related to an invalid arithmetic shift via the parse tag and wiretype function in protobuf-c/protobuf-c.c, which can cause a Denial of Service DoS via unspecified vectors. This is also...

PT-2022-13915 · FFmpeg +3 · Ffmpeg +3

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2 FFmpeg versions prior to 5.0.1 Description: An integer overflow issue was discovered in the g729 parse function located in libavcodec/g729 parser.c when handling a specially crafted file. This issue can be...

CVE-2021-40398

An out-of-bounds write vulnerability exists in the parserasterdata functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

PT-2022-11227 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: An out-of-bounds write issue exists in the parse raster data functionality. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger th...

CVE-2022-27823

Improper size check in sapefdparsemetaHEADERold function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file...

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user...

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11 a memory leak exists for a certain hid_parse error condition.

...

CVE-2022-24793 Potential heap buffer overflow when parsing DNS packets in PJSIP

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...

The Bug Report - March 2022 Edition

The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...

CVE-2021-35088

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...

Design/Logic Flaw

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...

CVE-2021-35088

CVE-2021-35088 : An out-of-bounds read due to improper validation of the SSID IE length during SSID IE parsing when the channel is DFS, reported for Qualcomm Snapdragon families (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wearables, Wired Infrastructure and Networking). Th...

CVE-2021-35088

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...