CVE-2017-11345

CVE-2017-11345 describes a stack buffer overflow in the networkmap component of Asuswrt-Merlin firmware and ASUS firmware for a broad range of ASUS routers (e.g., RT-AC53, RT-AC68U, RT-AC88U, RT-N66U, RT-N12, RT-AC3200, RT-AC3100, etc.). The vulnerability is triggered when a crafted device descri...

PHP < 5.6.28, 7.x < 7.0.13 Multiple Vulnerabilities (Nov 2016) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP < 5.6.28, 7.x < 7.0.13 Multiple Vulnerabilities (Nov 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Internet Bug Bounty: PHP INI Parsing Stack Buffer Overflow Vulnerability

Description: A stack buffer overflow exists in the latest stable release of PHP-7.1.5 and PHP-5.6.30 in PHP INI parsing API, which may accept network / local filesystem input. On malformed inputs, a stack buffer overflow in zendinidoop could write 1-byte off a fixed size stack buffer. On...

gdal: Stack-buffer-overflow in void SwapEndianness<long&, unsigned long>

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4870022369378304 Project: gdal Fuzzer: aflgdalcadfuzzer Fuzz target binary: cadfuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7f85edf6d128 Crash...

Schneider Electric Wonderware ArchestrA Logger Stack Buffer Overflow Vulnerability

Schneider Electric Wonderware ArchestrA Logger is a logger from Schneider Electric France for use on Schneider equipment. A stack buffer overflow vulnerability exists in Schneider Electric Wonderware ArchestrA Logger 2017.426.2307.1 and earlier versions. A remote attacker could exploit the...

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

Microsoft Skype Stack Buffer Overflow Vulnerability

Microsoft Skype is a suite of instant messaging software from the American company Microsoft. A stack buffer overflow vulnerability exists in Microsoft Skype. An attacker could exploit this vulnerability to cause a denial of service software crash and execute code...

CVE-2017-9948

CVE-2017-9948: A stack buffer overflow in Skype's MSFTEDIT.DLL arises from mishandling images copied from an RDP session clipboard, affecting Skype versions 7.2, 7.35, and 7.36 prior to 7.37. The issue allows remote/local exploitation to crash or potentially execute code, as described across mult...

CVE-2017-9928

In lrzip 0.631, a stack buffer overflow was found in the function getfileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-9929

In lrzip 0.631, a stack buffer overflow was found in the function getfileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-9928

In lrzip 0.631, a stack buffer overflow was found in the function getfileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-9929

In lrzip 0.631, a stack buffer overflow was found in the function getfileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-9929

lrzip 0.631 is affected by a stack-based buffer overflow in get_fileinfo (CVE-2017-9929), enabling DoS via crafted files. Debian/Ubuntu advisories (DLA-2725-1, USN-5171-1/2) indicate fixes in updated packages and list related CVEs (CVE-2017-8844, -8846, -9928, -9929, -2018-5650, -2018-5747, -2018...

[ASA-201706-33] poppler: arbitrary code execution

Arch Linux Security Advisory ASA-201706-33 ========================================== Severity: High Date : 2017-06-26 CVE-ID : CVE-2017-9775 CVE-2017-9776 Package : poppler Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-326 Summary ======= The package...

PT-2017-19292 · Lrzip +1 · Lrzip +1

Name of the Vulnerable Software and Affected Versions: lrzip version 0.631 Description: A stack buffer overflow was found in the get fileinfo function in lrzip.c at line 1074, which allows attackers to cause a denial of service via a crafted file. Recommendations: For lrzip version 0.631, conside...

LAME 3.99.5 - &#039;III_dequantize_sample&#039; Stack Buffer Overflow

Description: lame is a high quality MPEG Audio Layer III MP3 encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and...

Microsoft Skype - v7.x Stack Buffer Overflow Vulnerability

Document Title: =============== Microsoft Skype - v7.x Stack Buffer Overflow Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2084 Video: https://www.youtube.com/watch?v=VUx2TSJ36-g Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2071...

CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service application crash via a crafted PDF document...

CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service application crash via a crafted PDF document...