#buffer_overflow

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.

An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution.

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.