Google Android Buffer Overflow Vulnerability (CNVD-2019-27582)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the 'impdparsesplitdrccharacteristic' function of the impddrcstaticpayload.c file in Android version 9, which stems from a lack of bounda...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27576)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the 'impdparseloudeqinstructions' function of the impddrcdynamicpayload.c file in Android version 9, which stems from a lack of boundary...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27579)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the 'impdparametricdrcparsegainsetparams' function of the impddrcstaticpayload.c file in Android version 9, which stems from a lack of...

LibRaw 'LibRaw::parse_exif()' function stack buffer overflow vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW CRW/CR2, NEF, RAF, DNG and others format images. A stack buffer overflow vulnerability exists in the 'LibRaw::parseexif' function in the internal/dcrawcommon.cpp file in LibRaw versions prior to 0.18.9. A remote attacker coul...

Ruby: The taint flag is not propagated at JSON.parse

Vulnerability description not provided...

CVE-2018-9571

In impdparseloudeqinstructions of impddrcdynamicpayload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9...

CVE-2018-9570

In impdparsedrcextv1 of impddrcdynamicpayload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android...

CVE-2018-9576

In impdparseparametricdrcinstructions of impddrcstaticpayload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVE-2018-9575

In impdparsedwnmixinstructions of impddrcstaticpayload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9...

DEBIAN-CVE-2018-5813

An error within the "parseminolta" function dcraw/dcraw.c in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file...

DEBIAN-CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

CVE-2018-5813

An error within the "parseminolta" function dcraw/dcraw.c in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file...

UBUNTU-CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

Google Android Double Release Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A double-release vulnerability exists in the MasteringMetadata::Parse of the mkvparser.cc file in Android, which can be exploited by remote attackers to execute code...

CVE-2018-9553

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

CVE-2018-9553

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

Double free

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

CVE-2018-9553

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

CVE-2018-9553

CVE-2018-9553 : In MasteringMetadata::Parse of mkvparser.cc, a double-free can occur due to an insecure default value, enabling remote code execution. Affected: Android devices/versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation requires user interaction (local attack). Evidence ties this CVE ...

dcraw floating point exception vulnerability (CNVD-2019-00790)

dcraw is a U.S. software developer David J. Coffin developed a set of open source for the camera to shoot the RAW film into PPM or TIFF format picture tool . A floating-point exception vulnerability exists in parsetiffifd in dcraw 9.28 and earlier versions, which can be exploited to cause an...