The root cause is an integer overflow in `setup_malloc`. A crafted file may trigger out of bounds write in `f->vendor = get8_packet(f) `. Stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1)) ` and `f->comment_list = (char*)setup_malloc(f, sizeof(char) * (len+1)) `. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. This vulnerability affects Firefox alphabet_size variable in the read_vlc_prefix() function.Ī vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions vendor = (char)'\0' `. On some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This issue could allow a local user to crash the system.Ī flaw was found in xorg-server. This issue could allow a local attacker to crash the system or leak internal kernel information.Īn out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.Īn out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.Īn out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |