CVE-2024-34403
https://notcve.org/view.php?id=CVE-2024-34403
ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. • http://www.openwall.com/lists/oss-security/2024/05/06/1 http://www.openwall.com/lists/oss-security/2024/05/06/3 https://github.com/uriparser/uriparser/issues/183 https://github.com/uriparser/uriparser/pull/186 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3 https://lists.fedoraproject.org/archives/list/package • CWE-190: Integer Overflow or Wraparound •
CVE-2024-34402
https://notcve.org/view.php?id=CVE-2024-34402
ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. • http://www.openwall.com/lists/oss-security/2024/05/06/1 http://www.openwall.com/lists/oss-security/2024/05/06/3 https://github.com/uriparser/uriparser/issues/183 https://github.com/uriparser/uriparser/pull/185 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3 https://lists.fedoraproject.org/archives/list/package • CWE-190: Integer Overflow or Wraparound •
CVE-2024-34408
https://notcve.org/view.php?id=CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. • https://github.com/Tencent/libpag/issues/2230 https://github.com/Tencent/libpag/pull/2243 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-47212
https://notcve.org/view.php?id=CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-33078
https://notcve.org/view.php?id=CVE-2024-33078
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger an overflow leading to remote code execution. • https://github.com/HBLocker/CVE-2024-33078 • CWE-680: Integer Overflow to Buffer Overflow •