349 matches found
CVE-2026-61449
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...
CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...
EUVD-2026-44647
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...
CVE-2026-15709
The CVE concerns libsoup's WebSocket permessage-deflate implementation. The decompression loop (inflate()) can allocate memory without an upper bound, as output size is not bounded during decompression even though max_incoming_payload_size limits input frames. A separate check for decompressed si...
CVE-2026-15709 Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...
CVE-2026-15709
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...
CVE-2026-61455
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
EUVD-2026-42904
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
CVE-2026-61455
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. A crafted ZIP archive can expand to fill available disk space, causing denial of service by exhausting storage resources. This CVE (CVE-20...
CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
CVE-2026-44160 Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...
CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...
CVE-2026-55195
CVE-2026-55195 affects the py7zr Python library (pre-1.1.3) where Worker.decompress() did not track the total decompressed size. A crafted 7z archive (e.g., 15.6 KB) could expand to ~100 MB, causing disk and memory exhaustion during extraction. This is a denial-of-service risk. The issue is fixed...
CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol
rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...
BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...
BIT-PILLOW-2026-54059 Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
SUSE CVE-2026-54060
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...