3663 matches found
CVE-2020-29385
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give t...
go-toolset:ol8 security update
delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596 1.4.0-2 - Change i686 to a better macro - Related: rhbz1820596 1.4.0-1 - Rebase to 1.4.0 - Remove Patch1781 - Related: rhbz1820596 1.3.2-3 -...
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by multiple vulnerabilities: - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of...
Buffer Error Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). It is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is often fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in several Qualcomm products, which...
Denial Of Service (DoS)
openexr is vulnerable to denial of service (DoS). The vulnerability exists in DwaCompressor::uncompress in ImfDwaCompressor.cpp due to an out-of-bounds read and write when handling the UNKNOWN compression, allowing an attacker to crash the application...
Buffer Overflow
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method...
Understanding Emerging Video Formats
In my previous post, we discussed two new image formats: High-Efficiency Image File (HEIF) and AV1 Image File (AVIF). In this article, we'll take a closer look at two emerging video formats built on the same foundations. Akamai Image & Video Manager (IVM) already supports the key video codecs H.264,...
Understanding New Image Formats
Akamai Image & Video Manager (IVM) already supports key modern image types, such as WebP, JPEG 2000, and JPEG XR, but the imaging industry is always evolving and raising the bar on the balance of compression and quality. In addition, creative and development teams are regularly asking about new...
Integer overflow
An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow...
CVE-2020-29367
CVE-2020-29367 affects Blosc C-Blosc2 (Blosc devel up to version 2.0.0.beta.5). A heap-based buffer overflow occurs when there is insufficient space to write compressed data, potentially impacting programs that rely on Blosc for compression. The vulnerability is described with a high impact on co...
Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability
Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 ----------- Overview: The compression feature...
Citrix App Layering: Compress Layer Utility
Introduction When layers are created in Unidesk 2.x, files are written into the vmdk at the block level. The vmdk being written to is a “Thin” disk, but deleted blocks are not freed up before saving the layer. This means that the layer size is greater than the actual size of the files required to...
PT-2020-5656 · Fluent Bit · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: Fluent Bit versions prior to 1.6.4. Description: The issue is related to the flb_gzip_compress function in Fluent Bit, which has an out-of-bounds write due to incorrect calculation of the maximum gzip data-size expansion. This could allow a...
CVE-2020-5933
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...
Design/Logic Flaw
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...