Input validation

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

CVE-2016-9305

The CVE 2016-9305 entry concerns Autodesk FBX-SDK prior to 2017.1 where improper handling of type mismatches and deleted objects while reading/converting malformed FBX files can lead to access to uninitialized pointers. This vulnerability is described across multiple sources (including CNVD and N...

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

Android ssp_batch_ioctl Out-Of-Bounds Write Exploit

Android suffers from an out-of-bounds write in sspbatchioctl. Android: OOB write in sspbatchioctl SensorHub exposes a character device under /dev/batchio which can be used in order to send instructions to batches of running sensors. The IOCTL handler from this device has the following high-level...

icoutils -- check_offset overflow on 64-bit systems

Choongwoo Han reports: An exploitable crash exists in the wrestool utility on 64-bit systems where the result of subtracting two pointers exceeds the size of int...

NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-12908)

NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A security vulnerability exists in the kernel mode layer nvlddmkm.sys processor of DxgDdiEscape in all versions of the NVIDIA Windows GPU Display Driver, which arises from the...

CVE-2016-8813

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges...

Design/Logic Flaw

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges...

CVE-2016-8813

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges...

CVE-2016-8806

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without...

Denial of Service Vulnerability in CheckSSDT.sys by Anthem ATool Tool

ATool is a system security testing toolset that analyzes, diagnoses and disposes of all kinds of common host problems and harmful files, and is able to check and repair the system's shares, accounts, patches and other information. A denial of service vulnerability exists in the Anthem ATool tool...

Microsoft Edge - 'Array.join' Infomation Leak (MS16-119)

var y = 0; var t = new Array1,2,3; t.length = 100; var o = ; Object.definePropertyo, '3', get: function alert'get!'; t0 = ; var j = ; forvar i = 0; i 100; i++ ti = a : i;...

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVE-2016-3823

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

Heap overflow

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

UBUNTU-CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVE-2016-3823

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

UBUNTU-CVE-2016-3823

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...