10 matches found
CVE-2026-7568
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...
CVE-2025-66960
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the function readGGUFV1String in fs/ggml/gguf.go, which reads a string length from untrusted GGUF metadata...
SUSE CVE-2022-50255
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix reading strings from synthetic events. The following commands caused a crash: cd /sys/kernel/tracing echo 's:open char file' dynamic_events echo 'hist:keys=common_pid:file=filename:onchange$file.traceopen,$file'...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JS_ReadString, and may result in a heap buffer overflow...
Samsung Notes SPen String Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. An out-of-bounds read vulnerability exists in Samsung Notes, which originates from an out-of-bounds read in the SPen string read, and can be exploited by an attacker ...
Vulnerability in the gguf_fread_str function of the GGUF library, which allows a hacker to execute arbitrary code
The vulnerability in the gguf_fread_str function of the GGUF library is related to an integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2022-35373 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.10 through v5.15.74 Description: The issue concerns reading strings from synthetic events. It was introduced in version v5.10 and fixed in version v5.15.75. The actual impact and attack plausibility have not yet been...
PT-2025-37509
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the tracing subsystem related to handling synthetic events. Specifically, the synthetic event field "char file" can read a string value without...
PT-2020-3622 · Gnu +7 · Grub2 +7
Name of the Vulnerable Software and Affected Versions: grub2 versions prior to 2.06 Description: The issue is related to the read_section_as_string function, which expects a font name to be at most UINT32_MAX - 1 length in bytes but does not verify it before proceeding with buffer allocation. Thi...
CVE-2017-15722
CVE-2017-15722 affects Irssi prior to 1.0.5, where a failure to verify that a Safe channel ID is long enough can cause reads beyond the end of the string. Connected advisories confirm Irssi