Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.

An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled.

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.

An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server.

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.

The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().

The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.

The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().

The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().

The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.

The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().

The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.

The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().

The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().