Page 71 of 4111 results (0.385 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961 https://securitylab.github.com/advisories/GHSL-2023 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The root cause is an integer overflow in `setup_malloc`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. • https://jvn.jp/en/jp/JVN28846531/index.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808 • CWE-190: Integer Overflow or Wraparound