Articles with tag: Integer Overflow
POSTED BY: George Poulios / 21.10.2020

Microchip ASF4 integer overflows in flash_read, flash_write and flash_append

CVE ID:CVE-2019-16127
Affected Products:ASF4 as distributed through (last accessed 2020-10-21)
Class:Integer Overflow or Wraparound (CWE-190)
Discovered by:George Poulios

CENSUS identified several integer overflow problems in the flash_read, flash_write and flash_append functions of the Microchip ASF4 framework. This framework is used during firmware development for Atmel (now Microchip) microcontrollers. An adversary may abuse these issues to gain unauthorized read or write access to arbitrary pages of the flash storage, especially pages mapped at low memory addresses. As no patch is available from the vendor, CENSUS urges developers to implement a check for integer overflows in the relevant code.

POSTED BY: Anestis Bechtsoudis / 22.07.2016

Android stagefright impeg2d_dec_pic_data_thread integer overflow

CVE ID:CVE-2016-0835
Android ID:26070014
Affected Products:Android OS 6.0 — 6.0.1
Class:Integer Overflow (CWE-190) / Underflow (CWE-191)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.

POSTED BY: Stelios Tsampas / 11.01.2016

GDCM buffer overflow in ImageRegionReader :: ReadIntoBuffer

CVE ID:CVE-2015-8396
Affected Products:Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call
Class:Integer Overflow or Wraparound (CWE-190)
Discovered by:Stelios Tsampas

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.