Pdfium - Pattern Shading Integer Overflows

This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp rely on a helper function to compute the numb...

EulerOS 2.0 SP1 : 389-ds-base (EulerOS-SA-2018-1032)

According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could...

EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2018-1033)

According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could...

ImageMagick ComputeResizeImage function stack buffer vulnerability

ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A stack buffer vulnerability exists in the ComputeResizeImage function in the MagickCore/accelerate.c file in ImageMagick 7.0.7-22. A remote attacker can cause a denia...

imagemagick/encoder_miff_fuzzer: Stack-buffer-overflow in QueryColorCompliance

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=4843070479663104 Project: imagemagick Fuzzer: aflimagemagickencodermifffuzzer Fuzz target binary: encodermifffuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

gdal/gdal_fuzzer: Stack-buffer-overflow in SENTINEL2Dataset::OpenL1C_L2A

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5106216549220352 Project: gdal Fuzzer: aflgdalfuzzer Fuzz target binary: gdalfuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address: 0x7f36692a5154 Crash...

Updated 389-ds-base packages fix security vulnerability

A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service CVE-2017-15134...

imagemagick/encoder_label_fuzzer: Stack-buffer-overflow in FxEvaluateSubexpression

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5681757736140800 Project: imagemagick Fuzzer: aflimagemagickencoderlabelfuzzer Fuzz target binary: encoderlabelfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

CVE-2018-6767

An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::NetworkData::ServiceTlv::IsThreadEnterprise

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5472780666535936 Project: openthread Fuzzer: aflopenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow...

proj4/standard_fuzzer: Stack-buffer-overflow in pj_cs2cs_emulation_setup

Detailed report: https://oss-fuzz.com/testcase?key=4684634437713920 Project: proj4 Fuzzer: libFuzzerproj4standardfuzzer Fuzz target binary: standardfuzzer Job Type: libfuzzerasanproj4 Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f090b761408 Crash State:...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::NetworkData::ServerTlv::GetServer16

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5507424543834112 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type:...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::NetworkData::ServiceTlv::IsThreadEnterprise

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=6188652393660416 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type:...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::NetworkData::ServiceTlv::GetServiceDataLength

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5433723441905664 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type:...

CVE-2017-15860

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur...

CentOS Update for 389-ds-base CESA-2018:0163 centos7

Check the version of 389-ds-base SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882838";...

Important: Red Hat Security Advisory: 389-ds-base security and bug fix update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

SUSE SLED12 / SLES12 Security Update : libevent (SUSE-SU-2018:0200-1)

This update for libevent fixes the following security issues : - CVE-2016-10195: DNS remote stack overread vulnerability bsc1022917 - CVE-2016-10196: stack/buffer overflow in evutilparsesockaddrport bsc1022918 - CVE-2016-10197: out-of-bounds read in searchmakenew bsc1022919 Note that Tenable...

imagemagick/encoder_mvg_fuzzer: Stack-buffer-overflow in GetNextToken

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6428407182131200 Project: imagemagick Fuzzer: aflimagemagickencodermvgfuzzer Fuzz target binary: encodermvgfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

CVE-2017-15134

A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service...