Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file

2024-01-27 Thread Matthew Fernandez
On 1/20/24 15:07, Meng Ruijie wrote:
> [Vulnerability description]
> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted config6a file.
>
> [Vulnerability Type]
> Buffer Overflow

More specifically, this issue is an out-of-bounds read.

[FD] CVEs based on commit messages

2024-01-27 Thread Mark Esler
Dear Meng Ruijie, In regards to your recent FD posts, are you requesting CVEs based on the presence of strings in commit messages such as "null pointer dereference"? Are you reaching out to each upstream project before assigning a CVE? Do you believe that every null pointer bug is a vulnerabil

Re: [FD] null pointer deference in nano via read_the_list()

2024-01-27 Thread Mark Esler
Hi Meng, In your recent mass posts to FD, are you reporting vulnerabilities or bug reports which have words like "segfault" in the title? What benefit do you see this having? Have you spoken to each upstream project before requesting a CVE be assigned? Thank you, Mark Esler On 1/19/24 22:05

Re: [FD] NULL pointer dereference in freedesktop Mesa via check_xshm()

2024-01-27 Thread Dan Cross
On Fri, Jan 26, 2024 at 1:55 PM Meng Ruijie wrote: > [Vulnerability description] > freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference > via the function check_xshm(). > > [Vulnerability Type] > NULL pointer dereference > > [Vendor of Product] > freedesktop > > [Affected

Re: [FD] Null pointer dereference in Xedit

2024-01-27 Thread Alan Coopersmith
On 1/19/24 19:48, Meng Ruijie wrote: [Vulnerability description] A NULL pointer dereference in the component /X11/xedit/lisp of Xedit v1.2.3 allows attackers to cause a Denial of Service (DoS) via a crafted lisp.lsp file. [VulnerabilityType Other] null pointer dereference [Vendor of Product] Xed