4 matches found

OSV
added 2022/04/05 4:15 p.m., 3 views

AZL-10552 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the 'need' 32-bit...

CVSS 7.5, AI score 7.5, EPSS 0.01863
Exploits 1, References 1
RubySec
added 2022/04/05 12:0 a.m., 25 views

Reallocation bug can trigger heap memory corruption

The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. Details: The reallocation logic at yajlbuf.cL64 may result in the 'need' 32-bit integer wrapping to 0 when 'need' approaches a value of 0x80000000...

CVSS 7.5, AI score 1.2, EPSS 0.01863
Exploits 1, References 1, Affected Software 1
Prion
added 2020/01/03 1:15 a.m., 21 views

Integer overflow

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 6.8, AI score 8.4, EPSS 0.00608
Exploits 0, References 5, Affected Software 3
CNVD
added 2015/03/31 12:0 a.m., 1 views

Red Hat FreeIPA extdom plugin denial of service vulnerability

Red Hat FreeIPA is an integrated security information management solution from Red Hat that provides an easy-to-manage identity, policy and audit IPA suite for Linux and Unix computer networks. extdom is a directory server plug-in. A security vulnerability in the 'getusergrouplist' function in...

CVSS 5, AI score 6.6, EPSS 0.01175
Exploits 0, References 1