CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-40474 – GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40474
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. ... GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://gstreamer.freedesktop.org/security/sa-2023-0006.html https://www.zerodayinitiative.com/advisories/ZDI-23-1456 https://access.redhat.com/security/cve/CVE-2023-40474 https://bugzilla.redhat.com/show_bug.cgi?id=2254587 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-40476 – GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40476
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. ... GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. ... A stack-based buffer overflow was found in the GStreamer Plugins Bad when handling malformed files with H.265 video streams. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process. • https://gstreamer.freedesktop.org/security/sa-2023-0008.html https://www.zerodayinitiative.com/advisories/ZDI-23-1458 https://access.redhat.com/security/cve/CVE-2023-40476 https://bugzilla.redhat.com/show_bug.cgi?id=2254589 • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-42118 – Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42118
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. ... Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. • https://www.zerodayinitiative.com/advisories/ZDI-23-1472 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-42753 – Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
https://notcve.org/view.php?id=CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una vulnerabilidad de indexación de matrices en el subsistema netfilter del kernel de Linux. Una macro faltante podría provocar un error de cálculo del desplazamiento de la matriz `h->nets`, proporcionando a los atacantes la primitiva de incrementar/disminuir arbitrariamente un búfer de memoria fuera de límites. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7558 h • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32653
https://notcve.org/view.php?id=CVE-2023-32653
An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •