Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the gbase64encodeclose function. An attacker can cause memory corruption or application crashes by providing excessively large or untrusted input data. Remediation A fix was pushed into the master branch but not...

SUSE-SU-2026:20156-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib gbase64encodestep bsc1246114. - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

SUSE-SU-2026:20128-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib gbase64encodestep bsc1246114. - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

EUVD-2016-9462

Malware in sbrugna...

EUVD-2022-38865

Malicious code in bioql PyPI...

AZL-65048 CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.40.0-8

A flaw exists in gdk‑pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib’s gbase64encodestep glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

VulnCheck KEV: CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in...

CVE-2022-36144

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64encode...

UBUNTU-CVE-2025-2721

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsfbase64encodesimple. The manipulation of the argument sizet leads to heap-based buffer overflow. An attack has to be approached locally. The vendor was contacted early about th...

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

============================================================================================================================================= | Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

Cookie-Monster - BOF To Steal Browser Cookies & Credentials

Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

Out-of-bounds Read

@openzeppelin/contracts, @openzeppelin/contracts-upgradeable are vulnerable to Out-of-bounds Read. The vulnerability is due to Base64.encode function which encodes a byte input by iterating over it in chunks of 3 byte and reading the parts of the memory beyond the input buffer when the input is n...

CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

CVE-2024-27094

OpenZeppelin Contracts Base64.encode has a memory-read flaw when input length is not a multiple of 3, risking corruption of the encoded output. This affects OpenZeppelin Contracts (and upgradeable) prior to versions 5.0.2 and 4.9.6. Remediation: upgrade to 5.0.2 or 4.9.6. No exploit details are p...

PT-2024-21645

Name of the Vulnerable Software and Affected Versions OpenZeppelin Contracts versions prior to 4.9.6 OpenZeppelin Contracts versions prior to 5.0.2 Description The Base64.encode function in OpenZeppelin Contracts encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is...

Debian: Security Advisory (DLA-711-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. Create a new download on:...