In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew.
OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall.
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.
wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h.
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue.
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.
Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.
A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.