UBUNTU-CVE-2017-18199

reallocsymlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service NULL Pointer Dereference via a crafted iso file...

PT-2018-3810 · Gnu +5 · Gnu Libcdio +5

Name of the Vulnerable Software and Affected Versions: GNU libcdio versions prior to 1.0.0 Description: The issue is related to the realloc symlink function in rock.c and is associated with pointer dereference errors. It can be exploited by remote attackers to cause a denial of service...

DEBIAN-CVE-2017-16844

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than...

SWFTools Denial of Service Vulnerability (CNVD-2017-36497)

SWFTools is a utility toolset for working with Adobe Flash files SWF files. A security vulnerability exists in the 'pngload' function in the lib/png.c file in SWFTools version 0.9.2, which stems from the program's failure to detect the return value of a realloc call. A remote attacker can exploit...

CVE-2017-16796

In SWFTools 0.9.2, the pngload function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service invalid write and application crash or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...

BSA-2017-274

Security Advisory ID : BSA-2017-274 Component : Authfile.c in sshd in OpenSSH before 7.4 Revision : 3.0: Final authfile.cinsshdinOpenSSHbefore 7.4 does not properly consider the effects ofreallocon buffer contents, which might allow local users to obtain sensitive private-key information by...

shopify-scripts: SIGABRT - mirb and mruby

PoC ------------------- The following code triggers the bug attached as test.rb: def methodmissingm,e self.ff||=00end e Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb Reading symbols from ./mirb...done. gdb r test.rb Starting program: /home/x/Desktop/test/mruby/bin/mi...

shopify-scripts: SIGABRT in only mirb

PoC ------------------- The following code triggers the bug attached as test.rb: def tostr 00end 0.times Debug - mirb ------------------- The program being debugged has been started already. Start it from the beginning? y or n y Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb -...

ALPINE-CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

UBUNTU-CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

double free in krb5 code

In curl's implementation of the Kerberos authentication mechanism, the function readdata in security.c is used to fill the necessary krb5 structures. When reading one of the length fields from the socket, it fails to ensure that the length parameter passed to realloc is not set to 0. This would...

CURL-CVE-2016-8619 double free in krb5 code

In curl's implementation of the Kerberos authentication mechanism, the function readdata in security.c is used to fill the necessary krb5 structures. When reading one of the length fields from the socket, it fails to ensure that the length parameter passed to realloc is not set to 0. This would...

double free in curl_maprintf

The libcurl API function called curlmaprintf can be tricked into doing a double free due to an unsafe sizet multiplication, on systems using 32-bit sizet variables. The function is also used internally in numerous situations. The function doubles an allocated memory area with realloc and allows t...

CVE-2016-6309

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...

Wireshark - addresses_equal 'dissect_rsvp_common' Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=645 The following crash due to a use-after-free condition can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": Attached are three files...

Python 2.7 - 'array.fromstring' Method Use-After-Free

Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-array-fromstring-Use-After-Free Url2: http://bugs.python.org/issue24613 Resolution: Fixed The Python 2.7 array.fromstring method suffers from a use after free caus...

Python 2.7 array.fromstring Use After Free

Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-array-fromstring-Use-After-Free Url2: http://bugs.python.org/issue24613 Resolution: Fixed The Python 2.7 array.fromstring method suffers from a use after free caus...

Python 2.7 array.fromstring Use After Free Vulnerability

Python 2.7 array.fromstring method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring call. Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch email protected Url1:...

Amazon Linux: Security Advisory (ALAS-2011-7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2015-6242

The wmemblocksplitfreechunk function in epan/wmem/wmemallocatorblock.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote...