SUSE CVE-2017-9404

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tifojpeg.c, which allows attackers to cause a denial of service via a crafted file...

OSV-2017-76 Use-of-uninitialized-value in Archive::ConvertFileHeader

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4279 Crash type: Use-of-uninitialized-value Crash state: Archive::ConvertFileHeader Archive::ReadHeader15 Archive::ReadHeader...

OSV-2017-14 Use-of-uninitialized-value in Archive::ConvertFileHeader

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4614 Crash type: Use-of-uninitialized-value Crash state: Archive::ConvertFileHeader Archive::ReadHeader15 Archive::ReadHeader...

karchive/karchive_fuzzer: Use-of-uninitialized-value in QByteArray::QByteArray

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5657295809150976 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

gdal/envi_fuzzer: Heap-buffer-overflow in ENVIDataset::ReadHeader

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5710112736935936 Project: gdal Fuzzer: libFuzzergdalenvifuzzer Fuzz target binary: envifuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

CVE-2017-17722

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

CVE-2017-17722

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

CVE-2017-17722

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

PYSEC-2018-121

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

CVE-2017-17722

CVE-2017-17722 relates to Exiv2 0.26 where a reachable assertion in bigtiffimage.cpp readHeader could enable a remote denial of service via a crafted TIFF file. The connected advisories confirm multiple Exiv2-related issues across formats (CRW, PNG, WebP, PSD) and note the fixed version is 0.27.2...

CVE-2017-17722

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability

Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF...

Total Commands ISO_WinCmd插件多个远程栈溢出漏洞

Total Commander（原Windows Commander）是一款磁盘文件管理软件，可以取代资源管理器。 Total Commander的isowincmd插件在创建ISO镜像中文件的完整路径名时存在栈溢出漏洞。 溢出发生在LoadTree和ReadHeader函数中，这两个函数通过读取ISO文件中的目录项创建ISO镜像中每个文件的完整路径名。从每个目录项读取的目录名通过lstrcatA连接到一起，最后连接到文件名，然后使用不安全的lstrcpyA函数将创建的完整路径名拷贝到固定长度的栈缓冲区。...