Filtered by CWE-193
Filtered by vendor Subscriptions
Total 195 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36354 2 Debian, Openimageio 2 Debian Linux, Openimageio 2024-11-21 5.3 Medium
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-34970 1 Crowcpp 1 Crow 2024-11-21 9.8 Critical
Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.
CVE-2022-34684 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2024-11-21 5.3 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.
CVE-2022-33064 1 Libsndfile Project 1 Libsndfile 2024-11-21 7.8 High
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-30155 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2024-11-21 5.5 Medium
Windows Kernel Denial of Service Vulnerability
CVE-2022-25051 1 Rtl 433 Project 1 Rtl 433 2024-11-21 5.5 Medium
An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.
CVE-2022-24988 1 Galois 2p8 Project 1 Galois 2p8 2024-11-21 9.8 Critical
In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.
CVE-2022-23400 1 Accusoft 1 Imagegear 2024-11-21 7.1 High
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-4070 1 V2fly 1 V2ray-core 2024-11-21 9.1 Critical
Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.
CVE-2021-46848 4 Debian, Fedoraproject, Gnu and 1 more 5 Debian Linux, Fedora, Libtasn1 and 2 more 2024-11-21 9.1 Critical
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVE-2021-44007 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 5.5 Medium
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.
CVE-2021-3999 4 Debian, Gnu, Netapp and 1 more 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more 2024-11-21 7.8 High
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2021-3930 3 Debian, Qemu, Redhat 11 Debian Linux, Qemu, Advanced Virtualization and 8 more 2024-11-21 6.5 Medium
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
CVE-2021-3156 9 Beyondtrust, Debian, Fedoraproject and 6 more 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more 2024-11-21 7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-31875 1 Cesanta 1 Mongooseos Mjs 2024-11-21 9.8 Critical
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
CVE-2021-29529 1 Google 1 Tensorflow 2024-11-21 2.5 Low
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66) computes two integers (representing the upper and lower bounds for interpolation) by ceiling and flooring a floating point value. For some values of `in`, `interpolation->upper[i]` might be smaller than `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is capped at `in_size-1` as it means that `interpolation->lower[i]` points outside of the image. Then, in the interpolation code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264), this would result in heap buffer overflow. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-23017 6 F5, Fedoraproject, Netapp and 3 more 19 Nginx, Fedora, Ontap Select Deploy Administration Utility and 16 more 2024-11-21 7.7 High
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-21938 1 Accusoft 1 Imagegear 2024-11-21 9.8 Critical
A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-8443 1 Ossec 1 Ossec 2024-11-21 9.8 Critical
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).
CVE-2020-7044 4 Fedoraproject, Opensuse, Oracle and 1 more 5 Fedora, Leap, Solaris and 2 more 2024-11-21 7.5 High
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.