CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files...
CVE-2023-42521
Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
WithSecure Multiple Product Resource Management Error Vulnerability
WithSecure products are a series of security software from the Finnish company WithSecure. WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and earlier versions, WithSecure Client Security for Mac 15,...
K68713584: bzip2 vulnerability CVE-2019-12900
Security Advisory Description: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900. Impact: BIG-IP AAM: If an iSession tunnel is configured with an iSession profile that has bzip2 compression enabled, an attacker using speciall...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
Design/Logic Flaw
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
Fedora: Security Advisory for ntfs-3g-system-compression (FEDORA-2022-13bc8c91b0)
The remote host is missing an update for the...
Apache Commons Compress Resource Management Error Vulnerability (CNVD-2022-62077)
A resource management error vulnerability exists in Apache Commons Compress, a library for processing compressed files from the Apache Foundation, which stems from the fact that when reading a specially crafted 7Z archive, Compress can allocate a large amount of memory, resulting in an...
lrzip Null Pointer Dereference Vulnerability (CNVD-2021-48849)
lrzip is a compression utility that excels at compressing large files. A null pointer dereference vulnerability exists in lzo_decompress_buf in stream.c in lrzip version 0.621, which can be exploited by an attacker to cause a denial of service via specially crafted compressed files...
UnZip: User-assisted execution of arbitrary code
Background: Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files. Description: Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially craft...
WordPress WP Database Backup File Read Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WP Database Backup is a data backup plugin used in it. A security vulnerability exists in WordPress WP Database Backup 5.5 and earlier...
[SECURITY] Fedora 29 Update: ntfs-3g-2017.3.23-11.fc29
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...
[SECURITY] Fedora 30 Update: ntfs-3g-2017.3.23-11.fc30
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...
zutils zcat buffer overflow vulnerability
zutils is a package of zip file handling utilities. The program supports compression/decompression, compressed file comparison and compressed file integrity checking. zcat is one of the decompression utilities. A buffer overflow vulnerability exists in zcat in versions prior to zutils 1.8-pre2. A...
Ubuntu 14.04 LTS : Apache Ant vulnerability (USN-3721-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3721-1 advisory. Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially...
Ubuntu: Security Advisory (USN-3721-1)
The remote host is missing an update for the...
USN-3721-1 ant vulnerability
Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files...
USN-3721-1: Apache Ant vulnerability
Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files...