NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document. Remediation A fix was pushed into the master branch but not yet published. References...

dlplibs: Index-out-of-bounds in WKS4Chart::sendCharts

Detailed report: https://oss-fuzz.com/testcase?key=5151574194126848 Project: dlplibs Fuzzer: libFuzzerdlplibswksfuzzer Fuzz target binary: wksfuzzer Job Type: libfuzzerubsandlplibs Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State: WKS4Chart::sendCharts WKS4Parser::par...

ALPINE-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

DEBIAN-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

UBUNTU-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

DEBIAN-CVE-2017-12987

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements...

Tcpdump IEEE 802.11 parser buffer overflow vulnerability (CNVD-2017-27744)

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tool allows users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.IEEE 802.11 parser is one of the IEEE 802.11 standard parsers. A...

UBUNTU-CVE-2017-13008

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements...

Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE

Nmap's XML result parse and NVD's CPE correlation to search CVE. You can use that to find public vulnerabilities in services... Nmap\s XML result parser and NVD's CPE correlation to search CVE Example: python vision2.py -f resultscan.xml -l 3 -o txt Coded by Mthbernades and CoolerVoid -...

Gdk-Pixbuf tiff_image_parse function integer overflow vulnerability

Gdk-Pixbuf is a toolkit for image loading and pixel buffer processing. An integer overflow vulnerability exists in the tiffimageparse function in Gdk-Pixbuf version 2.36.6. A remote attacker can exploit this vulnerability to execute code by sending a file or URL...

DEBIAN-CVE-2017-2870

An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...

CVE-2017-2870

An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...

UBUNTU-CVE-2017-2870

An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...

DEBIAN-CVE-2017-13731

There is an illegal address access in the function postprocesstermcap in parseentry.c in ncurses 6.0 that will lead to a remote denial of service attack...

UBUNTU-CVE-2017-13731

There is an illegal address access in the function postprocesstermcap in parseentry.c in ncurses 6.0 that will lead to a remote denial of service attack...

UBUNTU-CVE-2017-12961

There is an assertion abort in the function parseattributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...

DEBIAN-CVE-2017-12961

There is an assertion abort in the function parseattributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...

The vulnerability of the Oniguruma library, which arises from the use of an uninitialized variable and allows for memory corruption to occur.

The vulnerability of the Oniguruma library arises from an improper change in the state of the parsecharclass function. This allows for the use of an uninitialized variable during writing to the buffer. Exploiting this vulnerability could enable a malicious actor to cause memory corruption by...

Microsoft Edge Charka Failed Re-Parse

Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses CVE-2017-8645 When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link asmjs function to treat it as a normal javascript function. But it incorrectly handles the case where...

Ledger 'ledger::parse_date_mask_routine' function buffer overflow vulnerability

Ledger is an accounting system written by software developer John Wiegley that supports UNIX commands. A security vulnerability in the 'ledger::parsedatemaskroutine' function in the Ledger times.cc file allows remote attackers to exploit the vulnerability by submitting a special file for denial o...