Heap overflow

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the...

CVE-2019-13283

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the...

CVE-2019-13283

CVE-2019-13283 affects Xpdf 4.01.01 and is a heap-based over-read in FoFiType1::parse (FoFiType1.cc) triggered by crafted PDFs; the source string length isn’t validated before a fixed-length strncpy copy, enabling potential Denial of Service or information leakage via crafted PDFs (pdftotext). Re...

PT-2019-13237 · Xpdf +2 · Xpdf +2

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A heap-based buffer over-read issue exists due to the lack of validation of the source string's length before making a fixed-length copy in the strncpy function from FoFiType1::parse in fofi/FoFiType1.cc. Thi...

CVE-2019-13112

A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to an std::badalloc exception via a crafted PNG image file...

Mongoose Buffer Overflow Vulnerability

Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features such as TCP, HTTP client and server, WenSocket client and server. A buffer overflow vulnerability exists in the 'parsemqtt' function of the mgmqtt.c file in Cesanta Mongoose versions pri...

DEBIAN-CVE-2019-12951

An issue was discovered in Mongoose before 6.15. The parsemqtt function in mgmqtt.c has a critical heap-based buffer overflow...

CVE-2018-9563

In llcputilparsecc of llcputil.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1...

Linux kernel heap buffer overflow vulnerability (CNVD-2019-19303)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A heap buffer overflow vulnerability exists in the mwifiexuapparsetailies function in...

Buffer overflow

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c...

GHSA-2479-QVV7-47QQ Parse Server before v3.4.1 vulnerable to Denial of Service

Impact If a POST request is made to /parse/classes/Audience or other volatile class, any subsuquent POST requests result in an internal server error 500. Patches Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1 Workarounds Yes,...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020012 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020012 Source advisory: OSV:GHSA-2479-QVV7-47QQ...

Parse Server before v3.4.1 vulnerable to Denial of Service

Impact If a POST request is made to /parse/classes/Audience or other volatile class, any subsuquent POST requests result in an internal server error 500. Patches Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1 Workarounds Yes,...

DEBIAN-CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

DEBIAN-CVE-2019-12614

An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash...

DEBIAN-CVE-2019-10053

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...

UBUNTU-CVE-2019-10053

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...

Google Android System Buffer Overflow Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the wnmparseneighborreportelem of wnmsta.c file in Android. The vulnerability stems from a network system or product performing operation...

CVE-2018-17201

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...

UBUNTU-CVE-2019-11640

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function recfexparsestrsimple at rec-fex.c in librec.a...