Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2022-1154: Use after free in utf_ptr2char in vim

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

CVE
#vulnerability#ubuntu#git#c++
CVE-2022-26291: Multiple concurrency UAF bug between `zpaq_decompress_buf()` and `clear_rulist()` function · Issue #206 · ckolivas/lrzip

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.

CVE-2022-27943: Invalid Bug ID

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

CVE-2022-27942: [Bug] heap buffer overflow in parse_mpls · Issue #719 · appneta/tcpreplay

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

CVE-2022-27940: [Bug] heap-overflow in get_ipv6_next · Issue #718 · appneta/tcpreplay

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

CVE-2021-28278: A heap-based buffer overflow Read in RemoveSectionType in jpgfile.c · Issue #15 · Matthias-Wandel/jhead

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.

CVE-2021-28277: A heap-based buffer overflow Read in RemoveUnknownSections in jpgfile.c · Issue #16 · Matthias-Wandel/jhead

A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.

CVE-2021-28275: Multiple Segmentation fault in jhead via a crafted jpg file · Issue #17 · Matthias-Wandel/jhead

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.

CVE-2022-25514: heap-buffer-overflow in function ttUSHORT() at stb_truetype.h:1286 · Issue #1286 · nothings/stb

** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.

CVE-2021-43305: 7 RCE and DoS vulnerabilities Found in ClickHouse DBMS

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.