Jaroslav Lobačevski

icon indicating a website link jarlob.github.io icon indicating an email [email protected]

icon location Security Researcher @ghsecuritylab

Results 81 issues of Jaroslav Lobačevski

Signed integer overflow in `start_decoder`

A crafted file may trigger signed integer overflow in [`c->lookup_values = c->entries * c->dimensions;`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3860). #### Impact It is not clear if this is a security issue. #### Resources To reproduce...

Use of uninitialized value in `stbi__jpeg_decode_block_prog_ac`

The pointer `p` at line 2391 in [`stbi__jpeg_decode_block_prog_ac`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L2391) uses the second element from `data` array, but the value wasn't initialized. #### Impact It doesn't seem to be a potential security...

Fix int overflow

Fixes #1533

Integer overflow in `stbi__jpeg_decode_block`

[`dc * dequant[0]`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L2225) signed integer multiplication in `stbi__jpeg_decode_block` [1] overflows with a crafted image file. #### Impact It doesn't look like a potential security issue, but the signed integer overflow...

Integer overflow in `stbi__load_gif_main`

[`STBI_REALLOC_SIZED`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993) [1] in [`stbi__load_gif_main`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7020) may overflow when `layers` is bigger than 1. However it doesn't seem to be exploitable because `layers` is incremented by one in the loop [2]. The...

Fix signed integer overflow

The cast to unsigned int was done after a possible signed integer overflow which is undefined behavior

Potential Security Vulnerabilities

While this is a demo project for https://elanderson.net/category/identityserver/ and the last commit was in 2018, it is quite popular and may be used as a template for a real project....

Potential Security Vulnerabilities

While it is a demo project, it may be used as a template for a real project. ## Summary [OnionArch](https://github.com/GaProgMan/OnionArch) is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery...

Potential Security Vulnerabilities

While it is obvious that this is a demo project for http://littleasp.net/book/ it is quite popular and may be used as a template for a real project. ## Summary [little-aspnetcore-todo](https://github.com/nbarbettini/little-aspnetcore-todo)...

Could not find a suitable TLS CA certificate bundle, invalid path: /home/mitmproxyuser/.mitmproxy/mitmproxy-ca-cert.pem

1 comment

https://github.com/tspascoal-demo2/MyShuttle/actions/runs/5443639260/jobs/9900419190