4 matches found
UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen
uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...
GHSA-HM2W-VR2P-HQ7W UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen
uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...
UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable
uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...
GHSA-2689-5P89-6J3J UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable
uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...