stb_vorbis buffer error vulnerability

stbvorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stbvorbis, which stems from a carefully crafted file that may trigger an out-of-bounds write in "f-vendorlen = char ;"...

CVE-2023-45675

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if the len read in startdecoder is -1 and len + 1 becomes 0 when passed to setupmalloc. The setupmalloc behaves...

JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities

Talos Vulnerability Report TALOS-2023-1825 JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities October 19, 2023 CVE Number CVE-2023-35126 SUMMARY An out-of-bounds write vulnerability exists within the parsers for both the...

exim: Fix of 2 CVEs

CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...

CVE-2023-3781

CVE-2023-3781 describes a use-after-free write from improper locking in a kernel component, enabling local elevation of privilege without user interaction. The threat is local access required (attack vector LOCAL) with a high impact on confidentiality, integrity, and availability as per CVSS. The...

Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN GET VPN feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash...

Vulnerable version of libwebp and can be exploited with a malicious source image

Impact This vulnerability affects deployments of FreeImage that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you, but you should remove FreeImage from your project, as it is not maintained and presents a massive...

Mozilla: Out-of-bounds write in PathOps

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data in a PathRecording, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process...

GHSA-7VPR-3PPW-QRPJ Imageflow affected by libwebp zero-day and should not be used with malicious source images.

Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you but you should update anyway. Imageflow relies on Google's libwebp library to decode .webp images, an...

CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

Out-of-bounds

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

Design/Logic Flaw

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAGIMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2023-74542)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator suffers from an out-of-bounds write vulnerability that originates when a networked system or product performs an operation in memory without properly validating the data...

VulnCheck KEV: CVE-2023-20109

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN GET VPN feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash...

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: out-of-bounds write in extractContigSamplesShifted16bits in tools/tiffcrop.c CVE-2023-0800 libtiff: out-of-bounds write in TIFFmemcpy in libtiff/tifunix.c when called...

Insecure Temporary File Creation

Jenkins is vulnerable to Insecure Temporary File Creation. The vulnerability is due to creating a temporary file when a plugin is deployed directly from a URL. An attacker can exploit this vulnerability by deploying a plugin from URL resulting in access to the Jenkins controller file system with...

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

libwebp: out-of-bounds write with a specially crafted WebP lossless file

This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863...

Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47387)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...