5756 matches found
LibTIFF stack buffer overflow vulnerability (CNVD-2017-00978)
LibTIFF is an application library responsible for encoding/decoding the TIFF image format. LibTIFF suffers from a stack buffer overflow vulnerability that stems from a failure to perform sufficient bounds checking when copying user data into an undersized buffer. An attacker could exploit this...
libreoffice: Stack-buffer-overflow in SVMConverter::ImplConvertFromSVM1
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5153978836844544 Project: libreoffice Fuzzer: libFuzzerlibreofficesvmfuzzer Fuzz target binary: svmfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type...
SUSE-SU-2017:0084-1 Security update for jasper
This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. bsc1012530 - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. bsc1010977 - CVE-2016-9398: Invalid jasper files could...
Remote code execution
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
CVE-2015-2868
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
llvm_libcxxabi: Stack-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, __cxxabiv1::malloc_all
Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5776265793503232 Project: llvmlibcxxabi Fuzzer: libFuzzerllvmlibcxxabicxademanglefuzzer Fuzz target binary: cxademanglefuzzer Job Type: libfuzzerasanllvmlibcxxabi Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Cra...
gnutls: Stack-buffer-overflow in cdk_pk_get_keyid
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6746150208012288 Project: gnutls Fuzzer: libFuzzergnutlsopenpgpcertparserfuzzer Fuzz target binary: gnutlsopenpgpcertparserfuzzer Job Type: libfuzzerasangnutls Platform Id: linux...
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow
The NETGEAR WNR2000 router has a stack buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an...
Debian: Security Advisory (DSA-3746-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Libical Heap Buffer Overflow Vulnerability
Libical is an open source implementation of the icalendar protocol and protocol data units. A stack buffer overflow vulnerability exists in libical. An attacker could exploit this vulnerability to crash an affected program, resulting in a denial of service...
ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/env python -- coding: utf8 -- ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE Vendor: University of Manchester. Developed by Marcel van Herk, Lambert Zijp and Jan Meinders. The Netherlands Cancer Institute Product web pag...
DCMTK 3.6.0 storescp - Stack Buffer Overflow Exploit
Exploit for linux platform in category dos / poc !/usr/bin/env python -- coding: utf8 -- DCMTK storescp DICOM storage C-STORE SCP Remote Stack Buffer Overflow Vendor: OFFIS e. V. Product web page: http://www.dcmtk.org Affected version: = 3.6.0 Not affected: DCMTK-3.6.120160216 -...
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service Exploit
Exploit for macOS platform in category dos / poc !/usr/bin/env python -- coding: utf8 -- Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: Horos™ is an open-source, free...
Orthanc DICOM Server 1.1.0 - Memory Corruption
!/usr/bin/env python -- coding: utf8 -- Orthanc DICOM Server 1.1.0 Remote Memory Corruption Vulnerability Vendor: Sébastien Jodogne Product web page: http://www.orthanc-server.com Affected version: 1.1.0 Summary: Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare a...
Fatek Automation Communication Server Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of query requests. An overly long string sent while...
Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=938 As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The tokens themselves are generated in a TrustZone application within the TEE UID...
[ASA-201612-9] jasper: multiple issues
Arch Linux Security Advisory ASA-201612-9 ========================================= Severity: Critical Date : 2016-12-07 CVE-ID : CVE-2015-5203 CVE-2015-8751 CVE-2016-2089 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8884 CVE-2016-8885 CVE-2016-8887 CVE-2016-9262 CVE-2016-9387...
Extreme ExtremeXOS glibc Vulnerability (VN-2016-003)
Extreme ExtremeXOS is prone to a vulnerability in glibc. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:extremenetworks:exos"; i...
Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) Exploit
Exploit for hardware platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send...
Jasper 'jpc_tsfb.c' Stack Buffer Overflow Vulnerability
JasPer is an open source implementation of the JPEG-2000 codec. Jasper 'jpc_tsfb.c' suffers from a stack buffer overflow vulnerability due to a failure to adequately copy user-supplied data into a buffer. An attacker could use this vulnerability to execute arbitrary script code in the context of ...