Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14.
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23.
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3.
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11.
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.