libxml2 incomplete fix for stack buffer overflow vulnerability

Libxml2 is the GNOME project team developed a C-based library for parsing XML documents. Libxml2 suffers from a stack-based buffer overflow vulnerability that arises from a program that does not perform proper boundary checking on user input. An attacker could use this vulnerability to execute...

proj4: Stack-buffer-overflow in pj_open_lib_ex

Detailed report: https://oss-fuzz.com/testcase?key=6058391271112704 Project: proj4 Fuzzer: aflproj4standardfuzzer Fuzz target binary: standardfuzzer Job Type: aflasanproj4 Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f2bb94a2421 Crash State: pjopenlibex...

HTTrack v3.x - Stack Buffer Overflow Vulnerability

Document Title: =============== HTTrack v3.x - Stack Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2068 Release Date: ============= 2017-05-21 Vulnerability Laboratory ID VL-ID: ==================================== 2068...

CVE-2017-6025

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overfl...

CVE-2017-6025

CVE-2017-6025 affects 3S-Smart Software Solutions GmbH CODESYS Web Server (WebVisu) versions 2.3 and prior. Root cause: stack-based buffer overflow when processing XML due to unverified string sizes during memory copy, allowing a malicious user to crash the application or potentially execute arbi...

CVE-2017-5177

CVE-2017-5177 affects VIPA Controls WinPLC7 (versions up to 5.0.45.5921). A vulnerability in processing the TCP packet length field can cause a stack-based buffer overflow, potentially enabling remote code execution. Exploitation is possible remotely without authentication, via specially crafted ...

Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

Exploit Title: Sure Thing Disc Labeler - Stack Buffer Overflow PoC Date: 5-19-17 Exploit Author: Chance Johnson [email protected] Vendor Homepage: http://www.surething.com/ Software Link: http://www.surething.com/disclabeler Version: 6.2.138.0 Tested on: Windows 7 x64 / Windows 10 Usage: Ope...

gdal: Stack-buffer-overflow in gdal_printbuf_memappend

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5789067830624256 Project: gdal Fuzzer: libFuzzergdalogrfuzzer Fuzz target binary: ogrfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

Stack overflow

Stack buffer overflow in vshttpd aka ioos in HooToo Trip Mate 6 TM6 firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request...

CVE-2017-9026

Stack buffer overflow in vshttpd aka ioos in HooToo Trip Mate 6 TM6 firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request...

CVE-2017-9026

CVE-2017-9026 affects the HooToo Trip Mate 6 (TM6) with vshttpd (ioos) in firmware up to version 2.000.030 and earlier. The vulnerability is a stack buffer overflow in vshttpd triggered by a specially crafted fname parameter in a GET request, allowing remote unauthenticated attackers to control t...

gdal: Stack-buffer-overflow in OGRTigerDataSource::Open

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5658450124079104 Project: gdal Fuzzer: libFuzzergdalmitabtabfuzzer Fuzz target binary: mitabtabfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address:...

ffmpeg: Stack-buffer-overflow in color_string_to_rgba

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5961584419536896 Project: ffmpeg Fuzzer: libFuzzerffmpegAVCODECIDXPMfuzzer Fuzz target binary: ffmpegAVCODECIDXPMfuzzer Job Type: libfuzzerasanffmpeg Platform Id: linux Crash Type: Stack-buffer-overflow...

ALLPlayer M3U File Stack Buffer Overflow (CVE-2013-7409)

A stack buffer overflow vulnerability exists in ALLPlayer. The vulnerability is due to insufficient bounds checking on a M3U file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted M3U file. Successful exploitation could lead to arbitrary code...

CVE-2017-8399

PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2match.c, related to a "pattern with very many captures."...

Foxit PDF Reader Title Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in Foxit PDF Reader. The vulnerability is due to mishandling of an overly long string in the Title field. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted pdf file...

Zinf Audio Player PLS File Stack Buffer Overflow (CVE-2004-0964)

A stack buffer overflow vulnerability exists in Zinf Audio Player 2.2.1. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...

IBM Lotus Domino Server Stack Buffer Overflow Vulnerability

IBM Lotus Domino Server is prone to a stack-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Rockwell Automation Logix Controller Stack Buffer Overflow (CVE-2016-9343)

A stack buffer overflow vulnerability exists in Rockwell Automation Logix Controllers. The vulnerability is due to insufficient bounds checking. A successful exploitation could lead to arbitrary code execution...

RHEL 7 : firefox (RHSA-2017:1106)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1106 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fixes: Multiple flaws were found...