Integer overflow

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bngrow function...

CVE-2023-36326

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bngrow function...

RELIC Input Validation Error Vulnerability

RELIC is a modern research cryptography meta-toolkit open-sourced by relic-toolkit that emphasizes efficiency and flexibility. RELIC 34580d840469361ba9b5f001361cad659687b9ab A security vulnerability exists in a previous version that stems from a vulnerability that allows an attacker to execute...

Ubuntu 20.04 ESM : Nanopb vulnerabilities (USN-6121-1)

The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6121-1 advisory. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose...

K53214222: midi kernel driver vulnerability CVE-2018-10902

Security Advisory Description It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local...

SUSE CVE-2022-20803

A vulnerability in the OLE2 file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a...

CVE-2022-20803

A vulnerability in the OLE2 file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a...

SUSE CVE-2016-9262

Multiple integer overflows in the 1 jasrealloc function in base/jasmalloc.c and 2 memresize function in base/jasstream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities...

SUSE CVE-2016-9830

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service crash via large dimensions in a jpeg image...

SUSE CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

SUSE CVE-2017-16796

In SWFTools 0.9.2, the pngload function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service invalid write and application crash or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...

SUSE CVE-2017-16844

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than...

SUSE CVE-2018-11416

jpegoptim.c in jpegoptim 1.4.5 fixed in 1.4.6 has an invalid use of realloc and free, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

SUSE CVE-2019-14973

TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash...

SUSE CVE-2019-17178

HuffmanTreemakeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer i.e., the first argument to realloc is also used for a realloc return value...

SUSE CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded...

SUSE CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc while other local variables still point at the original buffer...

SUSE CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

SUSE CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...

SUSE CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...