23 matches found
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
CVE-2026-23747
The CVE affects Golioth Firmware SDK versions 0.10.0 up to 0.21.x (fixed in v0.22.0). A stack-based buffer overflow occurs in Payload Utils via golioth_payload_as_int() and golioth_payload_as_float(), which copy network-provided payload data into fixed-size stack buffers using memcpy() with a len...
HarfBuzz 安全漏洞
HarfBuzz is HarfBuzz open source a text engine for OpenType fonts. HarfBuzz version before 12.3.0 has a security vulnerability , the vulnerability stems from the SubtableUnicodesCache::create function does not check the hbmalloc return value , which may lead to null pointer dereferencing and...
GO-2025-4087 Unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto
Unchecked memory allocation during vector deserialization in github.com/consensys/gnark-crypto...
EUVD-2025-37035
gnark-crypto allows unchecked memory allocation during vector deserialization...
gnark-crypto allows unchecked memory allocation during vector deserialization
The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...
Denial Of Service (DoS)
net-imap is vulnerable to Denial Of Service DoS. The vulnerability is due to memory exhaustion due to automatic and unchecked memory allocation when handling large 'literal' byte counts in server responses from untrusted IMAP servers...
The vulnerability of the `vidtv_s302m_encoder_init()` function in the `drivers/media/test-drivers/vidtv/vidtv_s302m.c` file of the Vidtv driver for the Linux operating system, which allows a hacker to cause a service failure.
The vulnerability of the vidtvs302mencoderinit function in the drivers/media/test-drivers/vidtv/vidtvs302m.c file of the Vidtv driver for the Linux operating system is related to the lack of code checks for the vzalloc function’s return value. Exploiting this vulnerability could allow an attacker...
SUSE CVE-2017-18210
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked...
SUSE CVE-2022-3104
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtmARRAYBOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc and will cause the null pointer dereference...
kernel: sfc_ef100: NULL pointer dereference in ef100_update_stats()
An issue was discovered in the Linux kernel through 5.16-rc6. ef100updatestats in drivers/net/ethernet/sfc/ef100nic.c lacks check of the return value of kmalloc...
Buffer overflow
Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017,...
MPC-HC Buffer Overflow Vulnerability
MPC-HC is an open source media player based on the Windows platform by the MPC-HC team. A buffer overflow vulnerability exists in MPC-HC 1.7.13 and earlier versions, which originates when a networked system or product performs an operation in memory without properly validating the data boundaries...
ESTsoft Alzip Buffer Overflow Vulnerability (CNVD-2020-17027)
ESTsoft Alzip is a compression/decompression application from ESTsoft Korea that supports multiple formats. A buffer overflow vulnerability exists in ESTsoft Alzip 10.83 and prior versions, which originates when a networked system or product performs an operation in memory without properly...
The vulnerability of the gsskrb5_extract_authz_data_from_sec_context_ex function in the gssapi module of the Secret Net Studio security system allows a attacker to cause a service failure.
The vulnerability of the gsskrb5extractauthzdatafromseccontextex function in the gssapi module of the Secret Net Studio security system is related to the lack of checks for the execution of the memory allocation command. Exploiting this vulnerability could allow a remote attacker to cause service...
moinejf abcm2ps buffer overflow vulnerability
moinejf abcm2ps is a command line program that converts music tunes from ABC notation to PostScript or SVG format. The 'getkey' function in the parse.c file and the 'delayedoutput' function in the music.c file in moinejf abcm2ps 8.13.16 and earlier versions have a Buffer Overflow Vulnerability. T...
Quake3e Buffer Overflow Vulnerability
Quake3e is a Quake III Arena game engine. A buffer overflow vulnerability exists in versions prior to Quake3e 5ed740d. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write...
CVE-2019-12378
An issue was discovered in ip6racontrol in net/ipv6/ipv6sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of newra, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash. NOTE: This has been disputed as not an issue...
xorg-x11-server: denial of service due to unchecked malloc in client authentication
It was found that the X.Org server did not properly handle SUN-DES-1 Secure RPC authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request...
SuSE 10 Security Update : amarok (ZYPP Patch Number 5931)
This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. CVE-2009-0135 / CVE-2009-0136 %NASLMINLEVEL 70300 ...