3037 matches found
OSV-2018-146 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; OT::KernSubTable::get_size; void hb_sanitize_context_t::set_object<OT::KernSubTable<OT::KernOTSubTableHeader...
OSV-2018-140 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11074
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; AAT::LookupFormat10 ::sanitize; AAT::Lookup ::sanitize...
OSV-2018-129 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11657
Crash type: Heap-buffer-overflow READ 2
Crash state: BEInt::operator unsigned short; OT::IntType::operator unsigned int; CFF::Charset1_2 ::get_glyph...
OSV-2018-127 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10341
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; OT::Offset, true::is_null; OT::OffsetTo<OT::ArrayOfM1<OT::ResourceTypeRecord, OT::IntType<unsigned short, 2...
OSV-2018-116 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11060
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; AAT::LookupFormat10 ::sanitize; AAT::Lookup ::sanitize...
OSV-2018-112 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10356
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; OT::BinSearchHeader::operator unsigned int; OT::OffsetTable::find_table_index...
OSV-2018-106 Stack-use-after-return in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10082
Crash type: Stack-use-after-return READ 1
Crash state: BEInt::operator unsigned short; OT::CoverageFormat2::Iter::more; OT::SingleSubstFormat2::closure...
OSV-2018-91 Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10881
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned int; OT::kern::has_data; hb_ot_layout_has_kerning...
OSV-2018-64 Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned int; void hb_sanitize_context_t::set_object::sanitize...
OSV-2018-1 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10897
Crash type: Heap-buffer-overflow READ 1
Crash state: BEInt::operator unsigned short; AAT::StateTable ::sanitize; AAT::KerxSubTableFormat1::sanitize...
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
A flaw was found in the Go encoding/binary package. Certain invalid inputs to ReadUvarint or ReadVarint cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The...
A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...
[SECURITY] Fedora 32 Update: python-signedjson-1.1.1-3.fc32
Features: More than one entity can sign the same object. Each entity can sign the object with more than one key, making it easier to rotate keys. ED25519 can be replaced with a different algorithm. Unprotected data can be added to the object under the "unsigned" key...
nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an "as" conversion. This often manifested as RNGs returning nothing but 0, including the...
RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an "as" conversion. This often manifested as RNGs returning nothing but 0, including the...
CVE-2020-27758
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...
CVE-2020-27757
A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by...
DEBIAN-CVE-2020-27750
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would...
UBUNTU-CVE-2020-27750
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would...