![]() ![]() A crafted file may trigger out of bounds write in `f->vendor = get8_packet(f) `. Stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This vulnerability affects Firefox ESR comment_list_length)` which may make `setup_malloc` allocate less memory than required. This issue could allow an attacker to perform remote code execution and sandbox escape. The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records. Handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.īuffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. Route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. ![]() It allows an attacker to cause code execution. ![]() It allows an attacker to cause code execution.Ī global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at :1321. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |