CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CVE-2018-14337 issue affects mruby 1.4.1 where the CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c can overflow a signed integer, potentially causing out-of-bounds memory access because mrb_str_resize does not check for a negative length. This is documented across multiple connected source...

Signed integer overflow in mrb_str_format

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

FreeBSD : bro -- multiple memory allocation issues (2f4fd3aa-32f8-4116-92f2-68f05398348e)

Corelight reports : Bro 2.5.4 primarily fixes security issues Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a...

Fedora 27 : php (2018-12f92ff831)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

Fedora 26 : php (2018-c71dd2e199)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

php security update

5.4.16-43 - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx CVE-2016-10167 - gd: Signed Integer Overflow gdio.c CVE-2016-10168...

wget HTTP integer overflow(CVE-2017-13089)

That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...

Heap overflow

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service stack-based buffer overflow or heap-based buffer overflow or possibly have unspecified other impact via a crafted file, as demonstrated by...

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

DEBIAN-CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

CVE-2017-7603

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

CVE-2017-7603

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

UBUNTU-CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

Fedora 25 : gd (2017-bab5698540)

Version 2.2.4 - 2017-01-18 Security - gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities. CVE-2016-9317 - double-free in gdImageWebPtr CVE-2016-6912 - potential unsigned underflow in gdinterpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx Fixed -...