A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.
WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.
A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.
A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0.
Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.
Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.