17 matches found
CLSA-2026-1773669005 compat-openssl11: Fix of CVE-2025-69419
CVE-2025-69419: fix heap buffer overflow in OPENSSLuni2utf8 via bmptoutf8...
CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
CVE-2025-69419
CVE-2025-69419 is an OpenSSL vulnerability arising from PKCS12_get_friendlyname() processing of attacker-supplied PKCS#12 BMPString names. The root cause is in OPENSSL_uni2utf8(): during the second pass, bmp_to_utf8() forwards the remaining UTF-16 source byte count as the destination capacity to ...
CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
MiracleLinux 4 : thunderbird-52.8.0-2.AXS4 (AXSA:2018-3120:04)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3120:04 advisory. Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 Mozilla: Backport critical security fixes in Skia CVE-2018-5183...
EUVD-2008-3956
Malware in sbrugna...
PYSEC-2025-159
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...
UBUNTU-CVE-2025-2152
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...
OPENSUSE-SU-2020:0612-1 Security update for sqliteodbc
This update for sqliteodbc fixes the following issues: Security issue fixed: - CVE-2020-12050: Fixed a privilege escalation vulnerability boo1171041. Non-security issues fixed: - Update to version 0.9996 update to SQLite 3.22.0 fixes in handling DDL in SQLExecDirect et.al., thanks Andre Mikulec f...
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Exploit for Android platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=840 There's an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size...
CVE-2008-3971
Heap-based buffer overflow in the openmanfile function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector...
Heap overflow
Heap-based buffer overflow in the openmanfile function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector...
CVE-2008-3971
Heap-based buffer overflow in the openmanfile function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector...
CVE-2008-3971
Heap-based buffer overflow in the openmanfile function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector...
CVE-2008-3971
Heap-based buffer overflow in the openmanfile function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector...
Heap overflow possible in UTF8 to Unicode conversion — Mozilla
It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attackers ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a...
Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...