26 matches found
RUSTSEC-2026-0127 Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption
In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...
neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
AZL-76712 CVE-2026-25541 affecting package azl-compliance for versions less than 1.0.2-3
Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "vcapacity = newcap + offset" uses an unchecked addition. When newcap + offset...
ruint affected by unsoundness of safe `reciprocal_mg10`
The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...
RUSTSEC-2025-0137 Unsoundness of safe `reciprocal_mg10`
The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...
Unsoundness of safe `reciprocal_mg10`
The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...
PT-2024-40411 · Unknown · Simd-Json-Derive
Name of the Vulnerable Software and Affected Versions: simd-json-derive versions prior to 0.12.0 Description: The issue arises from an invalid use of MaybeUninit::uninit.assume init in the derive macro of simd-json-derive, leading to undefined behavior. This misuse can cause invalid memory access...
transpose: Buffer overflow due to integer overflow
Given the function transpose::transpose: rust fn transposeinput: &T, output: &mut T, inputwidth: usize, inputheight: usize The safety check inputwidth inputheight == output.len can fail due to inputwidth inputheight overflowing in such a way that it equals output.len. As a result of failing the...
Buffer overflow due to integer overflow in `transpose`
Given the function transpose::transpose: rust fn transposeinput: &T, output: &mut T, inputwidth: usize, inputheight: usize The safety check inputwidth inputheight == output.len can fail due to inputwidth inputheight overflowing in such a way that it equals output.len. As a result of failing the...
`MaybeUninit` misuse in `simd-json-derive`
An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...
RUSTSEC-2023-0087 `MaybeUninit` misuse in `simd-json-derive`
An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...
RUSTSEC-2023-0016 Possible out-of-bounds read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
SUSE CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
Integer Overflow in HeaderMap::reserve() can cause Denial of Service
HeaderMap::reserve used usize::nextpoweroftwo to calculate the increased capacity. However, nextpoweroftwo silently overflows to 0 if given a sufficiently large number in release mode. If the map was not empty when the overflow happens, the library will invoke self.grow0 and start infinite probin...
RUSTSEC-2019-0033 Integer Overflow in HeaderMap::reserve() can cause Denial of Service
HeaderMap::reserve used usize::nextpoweroftwo to calculate the increased capacity. However, nextpoweroftwo silently overflows to 0 if given a sufficiently large number in release mode. If the map was not empty when the overflow happens, the library will invoke self.grow0 and start infinite probin...
LibTIFFtif_predict.h/tif_predict.c Buffer Overflow Vulnerability
Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A buffer overflow vulnerability exists in libtiff version 4.0.6 in tifpredict.h/tifpredict.c...
Heap overflow
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
CVE-2016-9535
CVE-2016-9535 affects libtiff 4.0.6 (tif_predict.h/.c) and can trigger assertion failures in debug builds or buffer overflows in release builds when handling unusual tiles (e.g., YCbCr with subsampling). Several connected advisories confirm heap-buffer-overflow risks in LibTIFF 4.0.6 components (...