Security vulnerabilities and automated fixes for heap buffer overflow issues
2 posts found
A critical integer overflow vulnerability was discovered in `Java/cs_glue.cpp` at line 324, where the `CsoundMYFLTArray` constructor multiplied a user-controlled integer `n` by `sizeof(MYFLT)` without checking for overflow before passing the result to `malloc`. An attacker supplying a value near `INT_MAX` could trigger the overflow, causing an undersized heap allocation that subsequent writes would overflow. The fix adds an explicit `SIZE_MAX / sizeof(MYFLT)` guard and replaces `malloc` with `ca
A critical heap buffer overflow vulnerability was discovered and patched in a vendored giflib library, where attacker-controlled GIF header fields could trigger memcpy operations that write beyond allocated heap buffers. Because the affected application fetches GIF images from external servers, this vulnerability was remotely exploitable — making it a high-priority fix for any mobile application shipping this code. The patch introduces proper bounds validation before memory copy operations, clos