QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

DEBIAN-CVE-2021-41160

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0...

UBUNTU-CVE-2021-41160

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0...

PT-2021-7349 · Freerdp +9 · Freerdp +9

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.4.1 Description: The issue is related to out of bound writes in a connected client. A malicious server might trigger this by sending 0 width/height or out of bound rectangles to the client using GDI or...

UBUNTU-CVE-2019-10877

In Teeworlds 0.7.2, there is an integer overflow in CMap::Load in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled...

CVE-2019-10877

In Teeworlds 0.7.2, there is an integer overflow in CMap::Load in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled...

CVE-2018-14596

wancms 1.0 through 5.0 allows remote attackers to cause a denial of service resource consumption via a checkcode aka verification code URI in which the values of fontsize, width, and height are large numbers...

CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

UBUNTU-CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

The vulnerability of the bmp2tiff component in the LibTIFF library allows a hacker to gain access to data beyond the buffer boundaries allocated in dynamic memory.

The vulnerability of the bmp2tiff component in the LibTIFF library arises from insufficient checking of the input parameters biWidth and biHeight in the bitmap-information header of the BMP image. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data beyo...

Silicon Graphics LibTIFF Heap Buffer Overflow Vulnerability (CNVD-2017-07752)

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A heap buffer overflow vulnerability exists in bmp2tiff in Silicon Graphics LibTIFF version...

CVE-2017-7696

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service memory consumption via large values in the width and height parameters to otplogonuiresources/qr, aka SAP Security Note 2389042...

CVE-2017-5849

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service out-of-bounds read and write via a crafted tiff image file, related to transposing width and height values...

DEBIAN-CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via large width and height values...

ALPINE-CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via large width and height values...

UBUNTU-CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via large width and height values...

UBUNTU-CVE-2016-9445

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service crash via large width and height values, which triggers a buffer overflow...

gstreamer-plugins-bad-free security update

0.10.23-22 - h264parse: Ensure codecdata has the required size when reading number of SPS Resolves: rhbz1400838 0.10.23-21 - Remove insecure NSF plugin - vmncdec: Sanity-check width/height before using it Resolves: rhbz1400838...

gstreamer1-plugins-bad-free security update

1.4.5-6 - Fix h264 and h265 buffer size checks - Fix mpegts pat parsing and add more size checks Resolves: rhbz1400897 1.4.5-5 - vmncdec: Sanity-check width/height before using it Resolves: rhbz1400897...