CVE-2024-7730

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-122
View all →

Vulnerability Description

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

Related Vulnerabilities

CVE-2020-11061

HIGH
CVSS:7.4(High)

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initia...

CWE-1222020

CVE-2022-1253

HIGH
CVSS:7.4(High)

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to a...

CWE-1222022

CVE-2024-29158

HIGH
CVSS:7.4(High)

HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CWE-1222024

CVE-2024-29160

HIGH
CVSS:7.4(High)

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CWE-1222024

CVE-2024-29162

HIGH
CVSS:7.4(High)

HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.

CWE-1222024