CVE-2023-34312

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-763
View all →

Vulnerability Description

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

Related Vulnerabilities

CVE-2013-4695

HIGH
CVSS:7.8(High)

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

CWE-7632013

CVE-2017-0731

HIGH
CVSS:7.8(High)

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

CWE-7632017

CVE-2017-18075

HIGH
CVSS:7.8(High)

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_C...

CWE-7632017

CVE-2018-9557

HIGH
CVSS:7.8(High)

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileg...

CWE-7632018

CVE-2019-18619

HIGH
CVSS:7.8(High)

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (t...

CWE-7632019

CVE-2019-19820

HIGH
CVSS:7.8(High)

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution ...

CWE-7632019