Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2019-12937: kowasuos/kowasu-gsudo.c at master · mehsauce/kowasuos

apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.

CVE
Open in Source
#c++#buffer_overflow#sap
Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center (MSRC) works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our “Time Travel Debugging” (TTD) tool publicly available to make it easy for security researchers to provide full repro, shortening investigations and potentially contributing to higher bounties (see “Report quality definitions for Microsoft’s Bug Bounty programs”).

CVE-2019-11505: GraphicsMagick / Bugs / #605 heap-buffer-overflow in function WritePDBImage of coders/pdb.c

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

CVE-2019-11506: GraphicsMagick / Bugs / #604 heap-buffer-overflow in function WriteMATLABImage of coders/mat.c

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

CVE-2018-20822: AddressSanitizer: stack-overflow at Sass::Inspect::operator() (inspect.cpp:977) · Issue #2671 · sass/libsass

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

CVE-2019-11008: GraphicsMagick / Bugs / #599 heap_buffer_overflow_WRITE in function WriteXWDImage of coders/xwd.c

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

CVE-2019-9903: CVE-2019-9903: Stack-based Buffer Overflows in Dict::find() - poppler 0.74.0 - Loginsoft Research

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-9656: pocs/libofx at master · TeamSeri0us/pocs

An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.

CVE-2019-7317: Use after free · Issue #275 · glennrp/libpng

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

CVE-2019-6284: AddressSanitizer: heap-buffer-overflow · Issue #2816 · sass/libsass

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.