6124 matches found
CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
PSF-2022-10 Slow IDNA decoding with large strings
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
USN-5715-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...
PT-2022-26867 · Gifdec · Gifdec
Name of the Vulnerable Software and Affected Versions: Gifdec version 1dcbae19363597314f6623010cc80abad4e47f7c Description: The issue is related to an out-of-bounds read in the read image data function. This problem occurs when the software attempts to parse a specially crafted Gif file...
The vulnerability of the PJMEDIA RTP decoder and the PJMEDIA SDP parser of the multimedia communication library PJSIP allows a perpetrator to execute arbitrary code.
The vulnerability of the PJMEDIA RTP decoder and the PJMEDIA SDP parser, which are part of the PJSIP multimedia communication library, stems from the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
GIF decoder buffer error vulnerability
GIF decoder is a small C library for reading GIF files, written by individual developer Marcel Rodrigues. A security vulnerability exists in GIF decoder due to an out-of-bounds read in the read image data function when parsing a carefully crafted GIF file provided by an attacker...
Denial of Service (DoS)
Overview: vapor/vapor is a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service (DoS) via URLEncodedFormDecoder. When using automatic content decoding, an attacker can craft a request body that can make the server crash. Details: Denial of...
The vulnerability of the Decoder.Skip component in the Go programming language is related to an uncontrolled recursion, which allows a hacker to trigger a service failure.
The vulnerability of the Decoder.Skip component in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
Denial Of Service (DoS)
github.com/free5gc/free5gc is vulnerable to denial of service. The vulnerability exists due to an index-out-of-range panic in aper.GetBitString, allowing an attacker to crash the application through the AMF and NGAP decoders by providing a maliciously crafted NGAP message...
MGASA-2022-0386 Updated poppler packages fix security vulnerability
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...
Updated poppler packages fix security vulnerability
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...
Malicious code in @nexthink/arm-jwt-decoder (npm)
Source: ghsa-malware 51df48a51ecff12b69c9a30fb95f37dcd19cbf557c11e050fb5cd202e6a1d8be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-459 Malicious code in @nexthink/arm-jwt-decoder (npm)
Source: ghsa-malware 51df48a51ecff12b69c9a30fb95f37dcd19cbf557c11e050fb5cd202e6a1d8be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
PT-2022-5396 · Exiv2 +1 · Exiv2 +1
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to an integer overflow in the QuickTimeVideo::userDataDecoder function of the quicktimevideo.cpp file in the QuickTime Video Handler component. This can be exploited...