Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2022-3570: tools/tiffcrop.c:3142 - Heap Buffer overflow in extractContigSamples32bits (#386) · Issues · libtiff / libtiff · GitLab

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVE
Open in Source
#ubuntu#linux#git#c++#buffer_overflow
CVE-2022-3597: tiffcrop: heap-buffer-overflow in _TIFFmemcpy, tif_unix.c:346 (different from #411) (#413) · Issues · libtiff / libtiff · GitLab

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

CVE-2021-42553: Fix buffer overflow by Defonceuse · Pull Request #4 · STMicroelectronics/stm32_mw_usb_host

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-37453: SYT-2022-9: Improper input validation vulnerability in OPC UA C++ SDK, Secure Integration Server, edgeConnector, edgeAggregator, uaGate and OPC Suite

An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.

Chrome offline_items_collection::OfflineContentAggregator::OnItemRemoved Heap Buffer Overflow

Chrome suffers from a heap buffer overflow vulnerability in offline_items_collection::OfflineContentAggregator::OnItemRemoved.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7009-01

Red Hat Security Advisory 2022-7009-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.