CCN-lite Integer Overflow Vulnerability

CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An integer overflow vulnerability exists in the ndnparsesequence function in CCN-lite versions prior to 2.0.0. An attacker can exploit this vulnerability to cause an integer overflow via...

CVE-2017-12471

The cnbparselev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function...

DEBIAN-CVE-2018-6767

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file...

rsync 'parse_arguments' function protection mechanism bypass vulnerability

rsync is a suite of data mirroring backup applications for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras, which synchronizes the updating of files and directories between two computers and reduces data transfers by using differential encoding...

The vulnerability of the parse_hid_report_descriptor function (drivers/input/tablet/gtco.c) in the Linux operating system allows a hacker to trigger a service failure or exert other effects.

The vulnerability of the parsehidreportdescriptor function in the Linux kernel’s drivers/input/tablet/gtco.c file arises from a read operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause service failures or other effects such as...

UBUNTU-CVE-2018-5764

The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...

PT-2018-1905 · Rsync +3 · Rsync +3

Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.1.3 Description: The issue is related to the parse arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an...

Artifex Software MuPDF 'pdf_parse_array' function infinite loop vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. An infinite loop vulnerability exists in the 'pdfparsearray' function of the pdf/pdf-parse.c file in MuPDF version 1.12.0. A remote attacker can exploit this vulnerability to cause a denial of service application...

UBUNTU-CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdfparsearray function pdf/pdf-parse.c because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...

PT-2018-17083 · Artifex · Mupdf

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.12.0 Description: The issue is related to an infinite loop vulnerability and application hang in the pdf parse array function, located in pdf/pdf-parse.c, due to the failure to consider the End Of File EOF. This allows remote...

CVE-2017-13197

In the ihevcdparseslice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

CVE-2017-13195

In the ihevcdparsesps function of ihevcdparseheaders.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed...

The vulnerability of the phar_parse_pharfile function (ext/phar/phar.c), a PHAR archive handler, allows a attacker to cause a service failure.

The vulnerability of the pharparsepharfile function ext/phar/phar.c, a PHAR archive handler, arises due to the execution of an operation beyond the buffer’s boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a...

DEBIAN-CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function base/PdfXRefStreamParserObject.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file...

knot-dns/fuzz_zscanner: Index-out-of-bounds in parse

Project: https://gitlab.labs.nic.cz/knot/knot-dns Detailed report: https://oss-fuzz.com/testcase?key=4734243205808128 Project: knot-dns Fuzzer: libFuzzerknot-dnsfuzzzscanner Fuzz target binary: fuzzzscanner Job Type: libfuzzerubsanknot-dns Platform Id: linux Crash Type: Index-out-of-bounds Crash...

The vulnerability of the cdc_parse_cdc_header function in the Linux operating system’s kernel allows a attacker to cause a service failure or exert other effects.

The vulnerability of the cdcparsecdcheader function in the Linux kernel’s drivers/usb/core/message.c file arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure or other adverse effects through a...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...