kost

Results 27 issues of kost

# Summary The YAML reader’s `yaml_skip_till` loop omits an `end` check before dereferencing, so a malformed mapping key lets `from_yaml` read past the heap buffer while searching for `':'`. ASan...

# Summary `iguana::parse_escape_xml` decodes XML numeric entities into UTF-8 without validating the upper bound. Entities above `0x10FFFF` trip an assertion in `encode_utf8`, aborting the process and enabling a trivial denial...

###### JerryScript revision git master: 355ab24cdc0501e0fdb3a97be69ea94835301eea tested also on release version: 3.0.0 ###### Build platform Ubuntu 24.04.2 ###### Build steps ``` python3 tools/build.py --clean --debug --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off...

# Summary Identified Heap Buffer Overflow in the getcode function located in src/zopen.c:673. # Versions Versions tested and affected: - Current git master (d624720b3cb4aa84b0f9cede51f90f9cc42473d8) - Latest release (v7.5) ``` $ git...

# Summary **Out-of-bounds memory access in CDT::opposedVertexInd() leading to segmentation fault** A memory safety vulnerability was discovered that causes a segmentation fault during edge insertion operations. The crash occurs in...

# Summary Identified heap buffer overflow in ts_bspline_uniform_knot_seq located in tinyspline/src/tinyspline.c:1887, reachable via tinyspline::BSpline::sample. # Versions Versions tested and affected: - Current git master (bb3b02cdfaa039aa236a5240f2ba8bce66bea527) - Latest release (v0.6.0) ```...

# Summary ormpp is using a vulnerable component version of iguana (iguana::from_json) from config_manager::from_file. ormpp automatically feeds user data into iguana’s textual parsers is the optional configuration helper in ormpp/ormpp_cfg.hpp. config_manager::from_file...