Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

Pegasus spyware and how it exploited a WebP vulnerability

Categories: Android Categories: Apple Categories: Exploits and vulnerabilities Tags: Pegasus Tags: spyware Tags: nso Tags: webp Tags: libwebp Tags: buffer overflow The company behind the infamous Pegasus spyware used a vulnerability in almost every browser to plant their malware on victim's devices. (Read more...) The post Pegasus spyware and how it exploited a WebP vulnerability appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#web#ios#android#mac#apple#google#buffer_overflow#asus#zero_day#chrome#ssl
CVE-2023-4259: Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

CVE-2023-32614: TALOS-2023-1749 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-35002: TALOS-2023-1760 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-40163: TALOS-2023-1836 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-28393: TALOS-2023-1742 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-32284: TALOS-2023-1750 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-23567: TALOS-2023-1729 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-43131: OffSec’s Exploit Database Archive

General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a