Lucene search

213 matches found

CVE
added 2019/09/09 3:37 p.m. · 56 views

CVE-2019-16165

GNU cflow up to version 1.6 is affected by a use-after-free in the reference function of parser.c, per CVE-2019-16165. Exploitation could lead to denial of service or arbitrary code execution, as described across multiple sources. The issue is tied to memory management in the parser and is presen...

CVSS 6.5 · AI score 6.3 · EPSS 0.00516
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/09/09 3:37 p.m. · 52 views

CVE-2019-16166

GNU cflow versions up to 1.6 are affected by a heap-based buffer over-read in the nexttoken function of parser.c (CVE-2019-16166). The issue is documented across multiple sources (NVD, OSV, SUSE, Debian/Ubuntu OSV entries) and consistently references the same core flaw in parser.c. Public referen...

CVSS 6.5 · AI score 6.5 · EPSS 0.00513
Exploits 0 · References 1 · Affected Software 1
Debian CVE
added 2019/09/09 3:37 p.m. · 19 views

CVE-2019-16166

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c...

CVSS 6.5 · AI score 6.5 · EPSS 0.00513
Exploits 0
Cvelist
added 2019/09/09 3:37 p.m. · 15 views

CVE-2019-16166

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c...

AI score 6.5 · EPSS 0.00513
Exploits 0 · References 1
OSV
added 2019/08/29 1:15 a.m. · 1 views

CVE-2019-15757

libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c...

CVSS 6.5 · AI score 6.5 · EPSS 0.00378
Exploits 1 · References 5
CVE
added 2019/08/29 12:29 a.m. · 241 views

CVE-2019-15757

CVE-2019-15757: libMirage 3.2.2 in CDemu contains a NULL pointer dereference in the NRG parser (parser.c). This affects multiple OS advisories (e.g., OpenSUSE/Mageia/OpenVAS entries) and is associated with a CVSSv3 base score of 6.5 (Network, Low ease of exploitation, User interaction required) a...

CVSS 6.5 · AI score 6.3 · EPSS 0.00378
Exploits 1 · References 5 · Affected Software 1
Hacker One
added 2019/04/13 7:14 p.m. · 13 views

Open-Xchange: Memory corruption in imap-parser.c

Hello Dovecot devs, this is a report from Nick Roessler and Rafi Rubin. We are researchers at the University of Pennsylvania. We’ve been fuzzing Dovecot and have triggered some memory errors---this one is the most serious, and can be used for controlled indirect out-of-bounds writes into heap...

AI score 0.1
Exploits 0
CVE
added 2019/02/07 6:0 p.m. · 62 views

CVE-2019-7581

CVE-2019-7581 affects libming up to version 0.4.8, where the parseSWF_ACTIONRECORD function in util/parser.c can be triggered by a crafted SWF file to cause memory allocation failure (remote, impact unspecified in description). The vulnerability is described as a remote memory allocation issue wi...

CVSS 8.8 · AI score 7.3 · EPSS 0.00289
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2019/01/16 12:0 a.m. · 2 views

PT-2019-18101 · Gnu +3 · Gnu Recutils +3

Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8 Description: A memory leak issue was found in the rec_buf_new function in rec-buf.c when called from rec_parse_rset in rec-parser.c within librec.a. Recommendations: For GNU Recutils version 1.8, at the moment, there ...

CVSS 8.8 · AI score 6.6 · EPSS 0.00236
Exploits 13 · References 40
Veracode
added 2019/01/15 9:2 a.m. · 36 views

Denial Of Service (DoS)

libxml2.so is vulnerable to Denial Of Service (DoS). parser.c does not prevent entity expansion properly which would allow a remote attacker to provide a specially crafted XML file to cause excessive entity substitutions even if entity substitution was disabled, causing a denial of service condition...

CVSS 5 · AI score 6.2 · EPSS 0.03894
Exploits 1 · References 25 · Affected Software 1
Veracode
added 2019/01/15 9:1 a.m. · 24 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related...

CVSS 5 · AI score 7.3 · EPSS 0.00628
Exploits 0 · References 49 · Affected Software 1
Mageia
added 2018/09/27 7:24 a.m. · 14 views

Updated rsyslog packages fix security vulnerability

A buffer overflow was found in the SanitizeMsg function of rsyslogd in runtime/parser.c which may cause a denial of service or other consequences...

AI score 4.7
Exploits 0 · References 2
CNVD
added 2018/09/26 12:0 a.m. · 2 views

xtimor NMEA library buffer overflow vulnerability

The xtimor NMEA library aka nmealib is an open source library for using the NMEA protocol. A stack buffer overflow vulnerability exists in the 'nmeaparse' function in the parser.c file in version 0.5.3 of the xtimor NMEA library, which can be exploited by an attacker to cause a denial of service...

CVSS 9.8 · AI score 9.8 · EPSS 0.00374
Exploits 1 · References 1
Tenable Nessus
added 2018/09/18 12:0 a.m. · 41 views

EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary co...

CVSS 9.8 · AI score 8.3 · EPSS 0.21755
Exploits 0 · References 4
Tenable Nessus
added 2018/08/23 12:0 a.m. · 16 views

Google Chrome < 65.0.3325.146 Multiple Vulnerabilities


AI score 7.3
Exploits 0 · References 1
Veracode
added 2018/08/13 7:27 a.m. · 23 views

Denial Of Service (DoS)

libxml2.so is vulnerable to Denial Of Service (DoS). parser.c does not prevent entity expansion properly which would allow a remote attacker to provide a specially crafted XML file to cause excessive entity substitutions even if entity substitution was disabled, causing a denial of service condition...

CVSS 5 · AI score 6.2 · EPSS 0.03894
Exploits 1 · References 24 · Affected Software 1
Veracode
added 2018/08/08 2:2 a.m. · 20 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service attacks due to improper prevention of entity expansion in the xmlStringLenDecodeEntities function in parser.c. A context-dependent attacker is able to cause a denial of service by exhausting CPU using specially crafted XML data...

CVSS 7.1 · AI score 8.6 · EPSS 0.01078
Exploits 1 · References 27 · Affected Software 1
Veracode
added 2018/08/07 7:31 a.m. · 21 views

Denial-of-Service (DoS)

libxml2.so is vulnerable to heap-based buffer overflow. The xmlParseXmlDecl function in parser.c allows context-dependent attackers to cause a denial of service condition when an encoding conversion failure occurs which causes the parser to extract more errors during the failure...

CVSS 5 · AI score 8.9 · EPSS 0.01161
Exploits 0 · References 21 · Affected Software 2
Veracode
added 2018/08/06 2:11 a.m. · 29 views

XML External Entities (XXE)

libxml2 is vulnerable to XML external entity attacks. The xmlParserHandlePEReference function in parser.c allows external parameter entities to be loaded regardless of whether entity substitution or validation is enabled. This allows an attacker to cause a denial of service condition or an...

CVSS 4.3 · AI score 7.1 · EPSS 0.00636
Exploits 1 · References 15 · Affected Software 2
Veracode
added 2018/08/01 7:37 a.m. · 28 views

Denial Of Service (DoS)

libxml2.so is vulnerable to denial of service. A malicious user can pass an XML file to the xmlParseMarkupDecl function in parser.c to cause a buffer over-read that can crash the application or disclose sensitive information in the buffer...

CVSS 6.4 · AI score 8.9 · EPSS 0.00843
Exploits 0