The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.
An error within the "find_green" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
An error within the "LibRaw::parse_exif" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
In uClibc 0.9.33.2, there is stack exhaustion in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service by crafting an input file.
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service by crafting an input file, a related issue to CVE-2018-20456.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types but the array index can exceed this.
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077