10 matches found
ROS-20240911-09
Vulnerability of the pkgconftupleparse function libpkgconf/tuple.c of the software tool for setting flags for pkgconf development libraries is related to a buffer overrun. compiler and linker flags for pkgconf development libraries is related to the operation exceeding the buffer boundaries. in...
In pkgconf through 1.9.3 variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example a .pc file containing a few hundred bytes can expand to one billion bytes.
...
DEBIAN-CVE-2023-24056
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...
pkgconf buffer overflow vulnerability
pkgconf is an application that configures compilers for development frameworks. A buffer overflow vulnerability exists in the 'dequote' function in pkgconf versions 1.5.0 through 1.5.2. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service with the help...
CVE-2018-1000221
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...
CVE-2018-1000221
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...
CVE-2018-1000221
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...
CVE-2018-1000221
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...
CVE-2018-1000221
Affected software: pkgconf up to version 1.5.2. Vulnerability: buffer overflow in dequote() when initial length is 0, potentially leading to overflow through a specially crafted .pc file. Impact/Severity: reported as high/critical in CVSS terms (C/H/I/H/A/H per provided metrics). Status/Fix: vuln...
CVE-2018-1000221
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...