59 matches found
SUSE CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow...
SUSE CVE-2018-6412
In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and FBIOGETCMAPSPARC commands...
CVE-2020-28926
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
DEBIAN-CVE-2020-28926
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
Buffer overflow
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
CVE-2020-28926
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
CVE-2020-28926
CVE-2020-28926 affects ReadyMedia (MiniDLNA) prior to 1.3.0 and enables remote code execution via a malicious UPnP HTTP request using HTTP chunked encoding, triggering a signedness bug that leads to a buffer overflow in memcpy/memmove. Multiple connected advisories confirm the issue and provide f...
CVE-2020-28926
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
CVE-2020-28926
ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
CVE-2019-19945
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...
ALPINE-CVE-2018-5711
gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...
UBUNTU-CVE-2018-5711
gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...
DEBIAN-CVE-2017-14169
In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...
eGlibc - Signedness Code Execution
eGlibc - Signedness Code Execution Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 ...
kernel: cifs: signedness issue in CIFSFindNext()
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service memory corruption or possibly have unspecified other impact via a large length value in a response to a read request for a directory...
kernel: drm_modeset_ctl signedness issue
Integer signedness error in the drmmodesetctl function in 1 drivers/gpu/drm/drmirq.c in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.38 and 2 sys/dev/pci/drm/drmirq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and...
PT-2010-1054 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36.2 kernel-devel-2.6.9 version kernel-doc-2.6.9 version kernel-hugemem-2.6.9 version kernel-2.6.9 version kernel-largesmp-2.6.9 version kernel-smp-devel-2.6.9 version kernel-smp-2.6.9 version...
openSUSE 10 Security Update : freetype2 (freetype2-3744)
This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. CVE-2007-2754 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
DLINK 614+ - SOHO routers, DHCP service DOS
TITLE: DLINK 614+ - SOHO routers, DHCP service DOS http://www.dlink.com TYPE: signedness bug QUOTE from DLINK: The AirPlus DI-614+ combines the latest advancements in 802.11b silicon chip design from Texas Instruments, utilizing their patented Digital Signal ProcessingTM technology, and D-Link?s...