Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2020-0009: Android ashmem Read-Only Bypasses ≈ Packet Storm

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932

CVE
Open in Source
#android#google#linux#c++#perl#chrome
CVE-2019-5064: TALOS-2019-0853 || Cisco Talos Intelligence Group

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVE-2019-5063: TALOS-2019-0852 || Cisco Talos Intelligence Group

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVE-2019-5063: TALOS-2019-0852 || Cisco Talos Intelligence Group

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVE-2019-5064: TALOS-2019-0853 || Cisco Talos Intelligence Group

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVE-2019-20170: AddressSanitizer: heap-use-after-free in GF_IPMPX_AUTH_Delete odf/ipmpx_code.c:115 · Issue #1328 · gpac/gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.

CVE-2019-20165: ERROR: AddressSanitizer: NULL pointer dereference in ilst_item_Read isomedia/box_code_apple.c:119 · Issue #1338 · gpac/gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.

CVE-2019-20161: AddressSanitizer: heap-buffer-overflow in ReadGF_IPMPX_WatermarkingInit at ipmpx_code.c:1517 · Issue #1320 · gpac/gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.

CVE-2019-20162: ERROR: AddressSanitizer: heap-buffer-overflow in gf_isom_box_parse_ex isomedia/box_funcs.c:189 · Issue #1327 · gpac/gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.