Bug#993610: crafty: Potential Integer Overflow in tbdecode.h

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: crafty Version: 23.4 Severity: normal Dear Maintainer, There seems to exist a potential integer overflow in tbdecode.h. In line 647, (647) if (fread(temp, 1, HEADER_SIZE, fd) != HEADER_SIZE) ... (651) ptr = temp; (652) # define R4(i) \ (653) ((ptr[i] << 24) + (ptr[(i) + 1] << 16) + (pt

Bug#993588: wily: Potential Buffer Overflow in libmsg/connect.c

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: wily Version: 0.13.41 Severity: normal Dear Maintainer, It seems that there exists a potential Buffer Overflow in libmsg/connect.c. In lines 184 and 191, (184) if(!(disp = getenv("DISPLAY"))) { ... (191) sprintf(buf, "%s/wily%s%s", dir, pw->pw_name, disp); the variable disp is a previou

Bug#993584: r-cran-lpsolve: Potential Integer Overflow vulnerability in src/mmio.c

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: r-cran-lpsolve Version: 5.6.15 Severity: normal Dear Maintainer, It seems that there exists a potential Integer Overflow in src/mmio.c. In line 53, (53) if (mm_read_mtx_crd_size(f, &M, &N, &nz) !=0) ... (65) I = (int *) malloc(nz * sizeof(int)); (66) J = (int *) malloc(nz * sizeof(int));

Bug#993583: tome: Potential FormatString vulnerability in src/z-form.c

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: tome Version: 2.4 Severity: normal Dear Maintainer, In line 2519 and 2520 of src/cmd1.cc, (2519) flavored_attack((100 * k) / m_ptr->maxhp, buff); (2520) msg_format(buff, m_name); in function flavored_attack(int percent, char *output) in line 1792 of the same file, get_rnd_line(...) is

Bug#993580: sane: Potential Integer Overflow vulnerability in src/preview.c

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: sane Version: 1.0.14 Severity: normal Dear Maintainer, It seems that there is a potential integer overflow in src/preview.c. In lines 1020 - 1022, if (fscanf (in, "P6\n# surface: %g %g %g %g %u %u\n%d %d\n255%*[\n]", psurface + 0, psurface + 1, psurface + 2, psurface + 3,

Bug#993579: xsane-common: Potential Integer Overflow vulnerability in src/xsane-save.c

2021-09-03 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: xsane-common Version: 0.999 Severity: normal Dear Maintainer, It seems that there exists a potential Buffer Overflow in src/xsane-save.c. In line 522, items_done = fscanf(file, "%d %d", &image_info->image_width, &image_info->image_height); image_info.image_width is read from external sou

Bug#992395: xfig: Potential Buffer Overflow vulnerability in src/w_help.c

2021-08-17 Thread Potential Buffer Overflow vulnerability in xfig-3.2.7b
Package: xfig Version: xfig Severity: important Dear Maintainer, It seems that there exists a potential Buffer Overflow. (src/w_help.c:55) sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG")); The length of getenv("LANG") may become very long and cause Buffer Overflow while ex