11 matches found
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in Rust that stems from a possible overflow in groupnumber, where a hardware device may expect a small number of bits to be used to represent a group number...
UBUNTU-CVE-2025-21667
In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomapwritedelallocscan was inadvertently using a 32-bit position due to folionextindex returning an unsigned long. This could lead to an infinite loop when...
SUSE CVE-2017-11643
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage function in coders/cmyk.c when processing multiple frames that have non-identical widths...
Mozilla: Heap buffer overflow when using structured clone
The Mozilla Foundation Security Advisory describes this flaw as: An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash...
python-pillow: Out-of-bounds read in J2K image reader
There is an out-of-bounds read in J2kDecode in j2kugrayala. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A...
poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths...
ALPINE-CVE-2018-5709
An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry-nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...
DEBIAN-CVE-2017-9117
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the...
UBUNTU-CVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."...
DEBIAN-CVE-2014-9603
The vmddecode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...