CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

CVE-2019-13106

CVE-2019-13106 affects Das U-Boot 2016.09–2019.07-rc4, where reading a crafted ext4 filesystem can cause a stack buffer overflow by memset() too much data. This supports a likely code execution impact. Affected component: U-Boot memory handling during ext4 filesystem parsing; root cause: overflow...

CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

PT-2019-13130 · Denx Software Engineering +2 · Das U-Boot +2

Name of the Vulnerable Software and Affected Versions: Das U-Boot versions 2016.09 through 2019.07-rc4 Description: The issue arises when Das U-Boot attempts to read a crafted ext4 filesystem, leading to a stack buffer overflow due to excessive data being memset. This overflow could potentially...

libvips/pngsave_buffer_fuzzer: Stack-buffer-overflow in write_png_comment

Project: https://github.com/libvips/libvips.git Detailed report: https://oss-fuzz.com/testcase?key=5078454764044288 Project: libvips Fuzzer: libFuzzerlibvipspngsavebufferfuzzer Fuzz target binary: pngsavebufferfuzzer Job Type: libfuzzerasanlibvips Platform Id: linux Crash Type:...

aspell/aspell_fuzzer: Dynamic-stack-buffer-overflow in acommon::unescape

Project: https://github.com/gnuaspell/aspell.git Detailed report: https://oss-fuzz.com/testcase?key=5678055552450560 Project: aspell Fuzzer: aflaspellfuzzer Fuzz target binary: aspellfuzzer Job Type: aflasanaspell Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 1 Crash Address:...

Stack overflow

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecuraddbydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7.1...

CVE-2019-11705

CVE-2019-11705 is a stack buffer overflow in Thunderbird’s libical-based icalrecur_add_bydayrules (affecting Thunderbird

Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference

When modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients...

CVE-2019-1010022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...

openthread/ncp-uart-received-fuzzer: Stack-buffer-overflow in ot::NetworkData::Leader::IsStableUpdated

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5630599882080256 Project: openthread Fuzzer: libFuzzeropenthreadncp-uart-received-fuzzer Fuzz target binary: ncp-uart-received-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash...

imagemagick/encoder_eps_fuzzer: Stack-buffer-overflow in ConstantString

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5726208135790592 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderepsfuzzer Fuzz target binary: encoderepsfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

imagemagick/ping_ept2_fuzzer: Stack-buffer-overflow in GetNextUTFCode

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5695814195740672 Project: imagemagick Fuzzer: libFuzzerimagemagickpingept2fuzzer Fuzz target binary: pingept2fuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

clamav/clamav_scanfile_fuzzer: Stack-buffer-overflow in real_scansis

Detailed report: https://oss-fuzz.com/testcase?key=5632043662180352 Project: clamav Fuzzer: libFuzzerclamavscanfilefuzzer Fuzz target binary: clamavscanfilefuzzer Job Type: libfuzzerasanclamav Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address: 0x7fd238ca9890 Crash State:...

Critical: thunderbird

Issue Overview: libical: Heap buffer over read in icalparser.c parsergetnextchar CVE-2019-11703 libical: Type confusion in icaltimezonegetvtimezoneproperties function in icalproperty.c CVE-2019-11706 Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 libical: Stack buffer overflow in...

wireshark/fuzzshark_ip_proto-udp: Stack-buffer-overflow in tvb_memcpy

Project: https://code.wireshark.org/review/wireshark Detailed report: https://oss-fuzz.com/testcase?key=5738227266224128 Project: wireshark Fuzzer: aflwiresharkfuzzsharkipproto-udp Fuzz target binary: fuzzsharkipproto-udp Job Type: aflasanwireshark Platform Id: linux Crash Type:...

FreeBSD 11.x < 11.2-RELEASE-p7 / 12.x < 12.0-RELEASE-p1 bootpd stack buffer overflow

The version of the FreeBSD kernel running on the remote host is 11.x prior to 11.2-RELEASE-p7 or 12.x prior to 12.0-RELEASE-p1. It is, therefore, affected by a stack buffer overflow vulnerability in bootpd. Insufficient validation of network-provided data in bootpd may make it possible for a...

freeimage/load_from_memory_fuzzer: Stack-buffer-overflow in LibRaw::parse_rollei

Detailed report: https://oss-fuzz.com/testcase?key=5156329342107648 Project: freeimage Fuzzer: libFuzzerloadfrommemoryfuzzer Fuzz target binary: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7fef5bbbdca0 Crash Stat...

CVE-2019-1010022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...