PT-2024-13312 · Gnome · Gnome Gtk

Name of the Vulnerable Software and Affected Versions: Gnome GTK affected versions not specified Description: The issue is related to a null pointer dereference in Gnome GTK, specifically via the parse settings function at xsettings-client.c. Recommendations: At the moment, there is no informatio...

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

c-ares: Heap buffer over read in ares_parse_soa_reply

A heap buffer over-read flaw was found in c-ares via the aresparsesoareply function in aresparsesoareply.c...

OSV-2024-25 Stack-buffer-overflow in icu_75::PluralRuleParser::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65873 Crash type: Stack-buffer-overflow WRITE 1 Crash state: icu75::PluralRuleParser::parse icu75::PluralRules::createRules plurrulefuzzer.cpp...

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

UBUNTU-CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

OSV-2024-18 Heap-use-after-free in QPDF::read_xref

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65777 Crash type: Heap-use-after-free READ 8 Crash state: QPDF::readxref QPDF::reconstructxref QPDF::parse...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the src/swfc.c:2602 page that fails to properly validate the length of the input data, and can be exploited...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the swftools/src/swfc.c:2587 page that fails to correctly validate the length of the input data, and can be...

Out-of-bounds

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the noxxe option of XML::Twig...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the jsonParseAddNodeArray function in sqlite3.c file. An attacker can potentially lead to a denial of service by passing specially crafted malicious input to the application. Remediation Upgrade sqlite3 to version...

PT-2024-4460 · Go +9 · Netmail +9

Name of the Vulnerable Software and Affected Versions: net/mail package in Go affected versions not specified Description: The issue is related to the ParseAddressList function, which incorrectly handles comments within display names. This can lead to different trust decisions being made by...

The vulnerability of the Spreadsheet::ParseExcel library in email security gateways of the Barracuda Email Security Gateway Appliance, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of the Spreadsheet::ParseExcel library, a microprogramming solution for email security gateways like Barracuda Email Security Gateway Appliance, is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

Medium: ntp

Issue Overview: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. CVE-2023-26552 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an...

CVE-2023-37420

Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns t...

DEBIAN-CVE-2023-37420

Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns t...

DEBIAN-CVE-2023-37416

Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns t...

UBUNTU-CVE-2023-37418

Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns t...

UBUNTU-CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file...