1658 matches found
CVE-2016-3823
CVE-2016-3823 affects mediaserver in Android, specifically the secure-session feature in the mm-video-v4l2 venc component. The issue arises from mishandling heap pointers, enabling a crafted application to gain privileges. Affected products/versions include Android 4.x before 4....
CVE-2016-3835
Summary (CVE-2016-3835): The mm-video-v4l2 venc component of Android’s mediaserver on 4.x to 6.x releases mishandles heap pointers, which allows an attacker to read sensitive information via a crafted application. Affects Android versions listed in the description (...
Font Variable Null Pointer Denial of Service Vulnerability in swfstrings
SWFTools is a set of software tools for SWF manipulation and creation. swfstrings is a text parsing tool. In versions swftools-0.9.2, 0.9.1, 0.8.0, 0.8.1, 0.4.4, elements in the global static array fonts are set to 0x0 and read operations on them are not validated, resulting in a...
CVE-2014-9790
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm intern...
Vulnerability in the Apple QuickTime multimedia package allowing an attacker to execute arbitrary code or cause a service failure
Apple QuickTime software contains a vulnerability related to uninitialized pointers. Exploiting this vulnerability allows an unauthorized attacker to execute arbitrary code or cause a system failure by using a specially crafted list of paths in the video file...
CVE-2016-2477
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or...
CVE-2016-2558
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service crash, or gain privileges via unspecified vectors related to an untrusted...
PHP 5.5.33 / 7.0.4 - SNMP Format String
Exploit for multiple platform in category remote exploits // Should bypass ASLR/NX just fine // This exploit utilizes PHP's internal "%Z" zval // format specifier in order to achieve code-execution. // We fake an object-type zval in memory and then bounce // through it carefully. First though, we...
Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
WebRTC and LibVPX vulnerabilities found through code inspection — Mozilla
Security researcher Ronald Crane reported five "moderate" rated vulnerabilities affecting released code that were found through code inspection. These included the following issues in WebRTC: an integer underflow, a missing status check, race condition, and a use of deleted pointers to create new...
Foxit Reader GpRuntime::GpLock::GpLock Memory Misreference Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in the way Foxit Reader uses the Gdiplus API: a crafted PDF can force the use of dangling pointers that have already been released in GpRuntime::GpLock::GpLock. An attacker could exploit this...
SQLite fts3_tokenizer remote code execution vulnerability
SQLite is an embedded database. SQLite has a security vulnerability in its handling of the fts3_tokenizer function, which a remote attacker can exploit by supplying specially crafted pointers to execute arbitrary code in the context of the current process...
xen security update
3.0.3-147.el5 - net: add checks to validate ring buffer pointers - Resolves: bz1263273 xen: qemu: Heap overflow vulnerability in ne2000_receive function...
FreeBSD : xen-kernel -- leak of main per-domain vcpu pointer array (fc1f8795-881d-11e5-ab94-002590263bf5)
The Xen Project reports: A domain's primary array of vcpu pointers can be allocated by a toolstack exactly once in the lifetime of a domain via the XEN_DOMCTL_max_vcpus hypercall. This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. A domain giv...
xen-kernel -- leak of main per-domain vcpu pointer array
The Xen Project reports: A domain's primary array of vcpu pointers can be allocated by a toolstack exactly once in the lifetime of a domain via the XEN_DOMCTL_max_vcpus hypercall. This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. A domain give...
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: XGI VGA Display Manager Affected Version: 6.14.10.1090 Platform: Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code Execution Attack vector: IOCTL...
Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=303&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=470864 VULNERABILITY DETAILS Use After Free in Flash AVSS.setSubscribedTags,...
Chrony Memory Corruption Vulnerability
Chrony is a tool for computer time synchronization that implements the NTP protocol and can be used as both a client-side and a server-side program, which is particularly suitable for maintaining computer time accuracy in environments without network connectivity. Chrony has uninitialized pointer...
CVE-2015-3027
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...
CVE-2015-3027
CVE-2015-3027 concerns Clang in LLVM as used in Apple Xcode prior to 6.3, where incorrect register allocation triggers stack storage for stack-cookie pointers. This behavior can allow context-dependent attackers to bypass the stack-guard protection mechanism in an affected C program. The provided...