
CVE-2023-23082: ExifParse: Don't run outside exif information · fritsch/xbmc@367cc80

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.


@@ -878,6 +878,12 @@ void CExifParse::ProcessGpsInfo( { const unsigned char* DirEntry = DIR_ENTRY_ADDR(DirStart, de);
// Fix from aosp 34a2564d3268a5ca1472c5076675782fbaf724d6 if (DirEntry + 12 > OffsetBase + ExifLength){ ErrNonfatal("GPS info directory goes past end of exif", 0, 0); return; }
unsigned Tag = Get16(DirEntry, m_MotorolaOrder); unsigned Format = Get16(DirEntry+2, m_MotorolaOrder); unsigned Components = (unsigned)Get32(DirEntry+4, m_MotorolaOrder);
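Review bot: The bound added at the top of the loop body in ProcessGpsInfo, `DirEntry + 12 > OffsetBase + ExifLength`, covers only the 12-byte directory entry and only its upper end. It makes the Get16 reads at DirEntry and DirEntry+2 and the Get32 read at DirEntry+4 safe, but Components is taken straight from the file and nothing in this hunk bounds the value data it describes, so any later use of Components or the entry's value offset needs its own check against ExifLength. Consider also rejecting DirEntry below OffsetBase, and comparing offsets (DirEntry - OffsetBase against ExifLength) instead of pointers that may already point past the buffer. The comment should state the invariant being enforced rather than only the AOSP commit hash.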

Related news

CVE-2023-23082: ExifParser: Fix several out of bounds accesses while parsing exif information by fritsch · Pull Request #22380 · xbmc/xbmc
