3663 matches found

OpenVAS
added 2022/12/09 12:0 a.m. · 8 views

Fedora: Security Advisory for sfnt2woff-zopfli (FEDORA-2022-458378be7a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0 · References 2

OpenVAS
added 2022/12/09 12:0 a.m. · 8 views

Fedora: Security Advisory for sfnt2woff-zopfli (FEDORA-2022-f0980dffd1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0 · References 2

RedHat Linux
added 2022/12/08 1:21 p.m. · 3 views

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

6.5 CVSS · 6.7 AI score · 0.3197 EPSS
Exploits 1 · References 5

Veracode
added 2022/12/08 6:57 a.m. · 17 views

OS Command Injection

nadesiko3 is vulnerable to OS command injection. The vulnerability exists due to compression and decompression which allows an attacker to inject and execute arbitrary commands...

9.8 CVSS · 9.6 AI score · 0.02067 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2022/12/05 6:30 a.m. · 17 views

GHSA-M8R5-7WF4-63MW Nadesiko3 OS Command Injection vulnerability

OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...

9.8 CVSS · 9.6 AI score · 0.02067 EPSS
Exploits 0 · References 10

Github Security Blog
added 2022/12/05 6:30 a.m. · 22 views

Nadesiko3 OS Command Injection vulnerability

OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...

9.8 CVSS · 9.5 AI score · 0.02067 EPSS
Exploits 0 · References 10 · Affected Software 1

OSV
added 2022/12/05 4:15 a.m. · 3 views

CVE-2022-41642

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

9.8 CVSS · 6 AI score · 0.02067 EPSS
Exploits 0 · References 3

Prion
added 2022/12/05 4:15 a.m. · 17 views

Command injection

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

7.5 CVSS · 9.7 AI score · 0.02067 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2022/12/05 12:0 a.m. · 3 views

PT-2022-25999 · Nadesiko3 · Nadesiko3

Name of the Vulnerable Software and Affected Versions:
Nadesiko3 PC Version versions 3.3.61 and earlier
Nadesiko3 PC Version versions 3.3.68 and earlier

Description: The issue allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

9.8 CVSS · 7.9 AI score · 0.02067 EPSS
Exploits 0 · References 12

Vulnrichment
added 2022/12/05 12:0 a.m. · 4 views

CVE-2022-41642

OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...

7.7 AI score · 0.02067 EPSS
Exploits 0 · References 3

CNVD
added 2022/11/30 12:0 a.m. · 16 views

Dropbox Lepton Denial of Service Vulnerability

Dropbox Lepton is a set of tools for lossless compression of JPEG format files. A denial of service vulnerability exists in LEPTON Project Dropbox Lepton version 1.2, which can be exploited to launch a denial of service attack by passing a carefully crafted JPEG file to the Lepton image compressi...

5.5 CVSS · 5.4 AI score · 0.0032 EPSS
Exploits 1 · References 1

CNVD
added 2022/11/29 12:0 a.m. · 31 views

Binary vulnerability in libarchive (CNVD-2022-90746)

libarchive is a multi-format archive and compression library. A binary vulnerability exists in libarchive, which can be exploited by attackers to execute arbitrary code...

9.8 CVSS · 8.2 AI score · 0.01936 EPSS
Exploits 0

UbuntuCve
added 2022/11/28 7:15 p.m. · 18 views

CVE-2022-4104

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service...

5.5 CVSS · 6 AI score · 0.0032 EPSS
Exploits 1 · References 2

Vulnrichment
added 2022/11/28 12:0 a.m. · 6 views

CVE-2022-4104

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service...

5.4 AI score · 0.0032 EPSS
Exploits 1 · References 1

CVE
added 2022/11/28 12:0 a.m. · 64 views

CVE-2022-4104

CVE-2022-4104 affects the Lepton image compression tool (Dropbox Lepton). The vulnerability is caused by a loop with an unreachable exit condition that can be triggered by passing a crafted JPEG file, resulting in a denial of service. Reported impact in sources notes a DoS condition; exploitation...

5.5 CVSS · 5.3 AI score · 0.0032 EPSS
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2022/11/24 12:0 a.m. · 32 views

Libarchive Code Execution Vulnerability

libarchive is a multi-format archive and compression library. A code execution vulnerability exists in libarchive version 3.6.1, which stems from a failure to check for errors after calling the calloc function, i.e., if the function fails, the calloc function returns a NULL pointer,...

9.8 CVSS · 8.4 AI score · 0.01936 EPSS
Exploits 0 · References 1

Oracle linux
added 2022/11/22 12:0 a.m. · 35 views

curl security update

7.76.1-19
- fix unpreserved file permissions CVE-2022-32207
- fix HTTP compression denial of service CVE-2022-32206
- fix FTP-KRB bad message verification CVE-2022-32208

7.76.1-18
- fix too eager reuse of TLS and SSH connections CVE-2022-27782

7.76.1-17
- fix leak of SRP credentials in redirects...

9.8 CVSS · 0.1 AI score · 0.3197 EPSS
Exploits 8

RedHat Linux
added 2022/11/15 3:0 p.m. · 3 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written...

7.5 CVSS · 6.9 AI score · 0.51733 EPSS
Exploits 1 · References 4

Rockylinux
added 2022/11/15 6:16 a.m. · 24 views

wavpack security update

An update is available for wavpack. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WavPack is a completely open audio compression format providing lossless,...

5.5 CVSS · 0.9 AI score · 0.01155 EPSS
Exploits 1

Rockylinux
added 2022/11/15 6:12 a.m. · 21 views

speex security update

An update is available for speex. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Speex is a patent-free compression format designed especially for speech. It is...

5.5 CVSS · 5.5 AI score · 0.0094 EPSS
Exploits 1