PHP integer overflow vulnerability (CNVD-2017-01946)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. An...

PHP buffer overflow vulnerability (CNVD-2017-01945)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

UBUNTU-CVE-2015-8979

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service segmentation fault via a long string sent to TCP port 4242...

GStreamer gst_avi_demux_parse_ncdt function denial of service vulnerability

GStreamer is an open source multimedia framework. GStreamer has a security vulnerability in the gst-plugins-good/gst/avi/gstavidemux.c/gstavidemuxparsencdt function, which causes a denial of service for remote attackers...

DEBIAN-CVE-2017-5840

The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...

ALPINE-CVE-2017-5840

The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...

UBUNTU-CVE-2017-5840

The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...

ALPINE-CVE-2017-5483

The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1parse...

DEBIAN-CVE-2017-5483

The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1parse...

UBUNTU-CVE-2016-7929

The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniperparseheader...

UBUNTU-CVE-2017-5483

The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1parse...

UBUNTU-CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

DEBIAN-CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

libass: Attempting free in parse_events

Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5420800962199552 Project: libass Fuzzer: libFuzzerlibassfuzzer Fuzz target binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Attempting free Crash...

ALPINE-CVE-2016-9809

Off-by-one error in the gsth264parsesetcaps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...

DEBIAN-CVE-2016-9813

The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted file...

UBUNTU-CVE-2016-9813

The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted file...

BlueZ userland utilities vulnerable to buffer overflow

Overview BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...