TinyXML2 'XMLDocument::Parse' function heap buffer overflow vulnerability

TinyXML2 is a C++-based open source XML parser . A heap buffer overflow vulnerability exists in the 'XMLDocument::Parse' function of the libtinyxml2.so file in TinyXML2 version 6.2.0. An attacker can exploit this vulnerability to cause a buffer out-of-bounds read...

DEBIAN-CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

Heap overflow

DISPUTED TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

CVE-2018-11210

TinyXML2 6.2.0 is affected by a heap-based buffer over-read in XMLDocument::Parse (libtinyxml2.so). The CVE-2018-11210 entry notes this is due to improper use of the library and not a vulnerability in tinyxml2. NVD data lists a high/severe impact (CVSS v3: 9.8, NETWORK/NO AUTH required; all impac...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

Exiv2 heap buffer overflow vulnerability (CNVD-2018-12916)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. A heap buffer overflow vulnerability exists in the Exiv2::Internal::PngChunk::parseTXTChunk function in Exiv2 0.26. An attacker could exploit this vulnerability to cause a denial of service...

UBUNTU-CVE-2018-10999

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read...

ncurses denial of service vulnerability (CNVD-2018-09192)

ncurses is a character terminal processing library , it can provide a series of functions for the user to call and generate text-based user interface . A security vulnerability exists in the 'ncparseentry' function in the tinfo/parseentry.c file in versions of ncurses prior to 6.1.20180414. A...

DEBIAN-CVE-2018-10771

Stack-based buffer overflow in the getkey function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

abcm2ps 'get_key' function stack buffer overflow vulnerability

abcm2ps is a command line program that converts music tunes from ABC notation to PostScript or SVG format. A stack buffer overflow vulnerability exists in the 'getkey' function of the parse.c file in abcm2ps 8.13.20 and earlier versions. A remote attacker could exploit this vulnerability to cause...

php: Out-of-bounds read in phar_parse_pharfile

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the pharparsepharfile function in ext/phar/phar.c...

WavPack Memory Write Vulnerability

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in WavPack 5.1.0 and earlier versions, which originates from the 'ParseRiffHeaderConfig' function in the riff.c file receiving multiple format chunks, and can be exploited by an attacker to perfor...

WavPack Out-of-Bounds Write Vulnerability

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in WavPack 5.1.0 and earlier versions, which stems from a failure of the 'ParseWave64HeaderConfig' function in the wave64.c file to verify the size of a block before allocating memory. An attacker...

ALPINE-CVE-2018-10537

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks...

ALPINE-CVE-2018-10538

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...

PT-2018-9950 · Wavpack +3 · Wavpack +3

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: A issue in the WAV parser component allows writing to memory due to the ParseRiffHeaderConfig function in riff.c not rejecting multiple format chunks. Recommendations: For versions 5.1.0 and...

tcpdump: Buffer over-read in print-802_11.c:parse_elements() in IEEE 802.11 parser

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements...