6693 matches found
DEBIAN-CVE-2018-7436
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function...
UBUNTU-CVE-2018-7436
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function...
CVE-2018-7438
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function...
DEBIAN-CVE-2018-7438
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function...
UBUNTU-CVE-2017-18187
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c...
DEBIAN-CVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...
UBUNTU-CVE-2018-6872
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment...
DEBIAN-CVE-2018-6872
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment...
UBUNTU-CVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...
CCN-lite 'cnb_parse_lev' Function Denial of Service Vulnerability
CCN-lite is a lightweight CCNx Content Centric Networking Protocol implementation of the CCN-lite project. A security vulnerability exists in the 'cnb_parse_lev' function in CCN-lite versions prior to 2.00. An attacker could exploit this vulnerability to cause an invalid read...
CCN-lite Integer Overflow Vulnerability
CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An integer overflow vulnerability exists in the ndn_parse_sequence function in CCN-lite versions prior to 2.0.0. An attacker can exploit this vulnerability to cause an integer overflow via...
CCN-lite integer overflow vulnerability (CNVD-2018-03678)
CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An integer overflow vulnerability exists in CCN-lite versions prior to 2.0.0. An attacker can exploit this vulnerability to cause an integer overflow by involving the vallen variable in th...
CVE-2017-12471
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function...
DEBIAN-CVE-2018-6767
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file...
rsync 'parse_arguments' function protection mechanism bypass vulnerability
rsync is a suite of data mirroring backup applications for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras, which synchronizes the updating of files and directories between two computers and reduces data transfers by using differential encoding...
UBUNTU-CVE-2018-5764
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...
PT-2018-1905 · Rsync +3 · Rsync +3
Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.1.3 Description: The issue is related to the parse_arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an...
Artifex Software MuPDF 'pdf_parse_array' function infinite loop vulnerability
Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. An infinite loop vulnerability exists in the 'pdf_parse_array' function of the pdf/pdf-parse.c file in MuPDF version 1.12.0. A remote attacker can exploit this vulnerability to cause a denial of service application...
UBUNTU-CVE-2018-5686
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...
PT-2018-17083 · Artifex · Mupdf
Name of the Vulnerable Software and Affected Versions: MuPDF version 1.12.0 Description: The issue is related to an infinite loop vulnerability and application hang in the pdf_parse_array function, located in pdf/pdf-parse.c, due to the failure to consider the end of file (EOF). This allows remote...