-
Recent Posts
- graphicsmagick: assertion failure in pixel_cache.c
- bladeenc: global buffer overflow in iteration_loop (loop.c)
- bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)
- bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)
- bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp)
Recent Comments
- ago on libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)
- ago on lame: stack-based buffer overflow in III_i_stereo (layer3.c)
- Hugo Lefeuvre on lame: stack-based buffer overflow in III_i_stereo (layer3.c)
- Young on libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)
- CVE-2017-14406 – 安百科技 on mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c)
Archives
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: January 2017
libmp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c)
Description: libmp3splt a library for mp3splt to split mp3 and ogg files without decoding. A fuzz on it discovered a NULL pointer access. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==2581==ERROR: AddressSanitizer: SEGV on unknown … Continue reading
Posted in advisories, security
1 Comment
mp3splt: invalid free in free_options (options_manager.c)
Description: mp3splt is a command line utility to split mp3 and ogg files without decoding. A fuzz on it discovered an invalid free. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==2631==ERROR: AddressSanitizer: attempting free on … Continue reading
Posted in advisories, security
16 Comments
mp3splt: NULL pointer dereference in main (mp3splt.c)
Description: mp3splt is a command line utility to split mp3 and ogg files without decoding. A fuzz on it discovered a NULL pointer access. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==3081==ERROR: AddressSanitizer: SEGV on … Continue reading
Posted in advisories, security
Leave a comment
jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes a read overflow. The complete ASan output: # … Continue reading
Posted in advisories, security
Leave a comment
jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading
Posted in advisories, security
Leave a comment
jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes a NULL pointer access. The complete ASan output: … Continue reading
Posted in advisories, security
Leave a comment
<sys-libs/zlib-1.2.11 – possible data corruption
I don’t know if a news will be sent. A possibile data corruption was found on zlib 1.2.10. Please update your zlib to 1.2.11 and make sure you restart all services that are linked to zlib (a reboot may be … Continue reading
Posted in gentoo
Leave a comment
jasper: invalid memory read in jas_matrix_asl (jas_seq.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading
Posted in advisories, security
Leave a comment
jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading
Posted in advisories, security
1 Comment
jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)
Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory write. The complete ASan output: … Continue reading
Posted in advisories, security
2 Comments