CVE-2024-43828 – ext4: fix infinite loop when replaying fast_commit
https://notcve.org/view.php?id=CVE-2024-43828
ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem!
https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2
https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1
https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121
https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2
https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c
https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178
https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706
CVE-2024-34740
https://notcve.org/view.php?id=CVE-2024-34740
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow.
https://android.googlesource.com/platform/frameworks/base/+/e8b6505647be558ed3a167a1e13c53dfc227d22b
https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/700c28908051ceb55e1456d2d21229bc17c6895a
https://source.android.com/security/bulletin/2024-08-01
CWE-91: XML Injection (aka Blind XPath Injection)
CWE-190: Integer Overflow or Wraparound
CVE-2024-31333
https://notcve.org/view.php?id=CVE-2024-31333
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow.
https://source.android.com/security/bulletin/2024-08-01
CWE-190: Integer Overflow or Wraparound
CVE-2024-7867 – Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates
https://notcve.org/view.php?id=CVE-2024-7867
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
https://www.xpdfreader.com/security-bug/CVE-2024-7867.html
CWE-190: Integer Overflow or Wraparound
CWE-369: Divide By Zero
CVE-2024-41851 – Adobe InDesign (Beta) has an integer overflow vulnerability when parsing SVG file
https://notcve.org/view.php?id=CVE-2024-41851
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
CWE-190: Integer Overflow or Wraparound