6707 matches found
ROS communications-related packages input validation error vulnerability
ROS communications-related packages is a package related to ROS (Robot Operating System) communications. An input validation error vulnerability exists in parseOptions in the tools/rosbag/src/record.cpp file in ROS communications-related packages version 1.14.3 and earlier. The vulnerability stems...
DEBIAN-CVE-2019-20201
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions mishandle XML entities, leading to an infinite loop in which memory allocations occur...
DEBIAN-CVE-2019-20162
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gfisomboxparseex in isomedia/boxfuncs.c...
UBUNTU-CVE-2019-20160
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1parsetilegroup in mediatools/avparsers.c...
UBUNTU-CVE-2019-13445
An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line...
CVE-2019-20087
GoPro GPMF-parser 1.2.3 is affected by a heap-based buffer over-read in GPMF_seekToSamples (GPMF-parse.c) related to the "matching tags" feature. The issue is reported across multiple sources (NVD, Red Hat, OSV, CVE lists) and is tied to CVE-2019-20087. The vulnerability description consistently ...
GoPro GPMF-parser heap buffer overflow vulnerability (CNVD-2020-03707)
GoPro gpmf-parser is a GPMF format telemetry data parser for use in GoPro cameras from GoPro USA. A buffer overflow vulnerability exists in the 'GPMF_seekToSamples' function of the GPMF-parse.c file in GoPro GPMF-parser version 1.2.3. The vulnerability stems from a networked system or product...
GPAC code issue vulnerability (CNVD-2020-01652)
GPAC is an open source multimedia framework. A code issue vulnerability exists in the 'sencParse' function of the isomedia/boxcodedrm.c file in GPAC versions 0.8.0 and 0.9.0-development-20191109, which originates in the code of a web-based system or product Improper design or implementation durin...
Command Injection
Overview: Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is supplied by user-controlled input, it may allow attackers to run arbitrary...
ATasm Buffer Overflow Vulnerability (CNVD-2019-45902)
ATasm is a command-line cross assembler for the 6502 microprocessor. A buffer overflow vulnerability exists in the 'parseexpr' function of the setparse.c file in ATasm version 1.06. The vulnerability stems from a networked system or product performing operations in memory without properly validati...
CVE-2019-19786
ATasm 1.06 has a stack-based buffer overflow in the parseexpr function in setparse.c via a crafted .m65 file...
PT-2019-15957 · Atasm · Atasm
Name of the Vulnerable Software and Affected Versions: ATasm version 1.06 Description: The issue is a stack-based buffer overflow in the parse expr function, located in setparse.c, which can be triggered by a crafted .m65 file. Recommendations: For ATasm version 1.06, as a temporary workaround,...
DEBIAN-CVE-2019-19648
In the machoparsefile functionality in macho/macho.c of YARA 3.11.0, commandsize may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution...
CVE-2019-2222
In ihevcdparseslicedata of ihevcdparseslice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8...
EulerOS Virtualization for ARM 64 3.0.3.0 : gettext (EulerOS-SA-2019-2320)
According to the version of the gettext packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to...
Denial Of Service (DoS)
github.com/tdewolff/parse is vulnerable to denial of service. An infinite loop on Unicode code points during re-parsing after a parse error results in a denial of service condition...
CVE-2019-19307
An integer overflow in parsemqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet...
DEBIAN-CVE-2019-19072
A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6...
CVE-2019-19072
A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6...
UBUNTU-CVE-2019-19072
A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6...