Lucene search

323 matches found

SUSE CVE
added 2025/04/25 2:12 p.m. | 2 views

SUSE CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

CVSS 4.3 | AI score 6.8 | EPSS 0.04208
Exploits 0 | References 8
OSV
added 2025/03/21 3:26 p.m. | 3 views

GHSA-G8VQ-V3MG-7MRG Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability,...

CVSS 8.7 | AI score 7 | EPSS 0.00534
Exploits 0 | References 6
Github Security Blog
added 2025/03/21 3:26 p.m. | 12 views

Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability,...

CVSS 8.7 | AI score 7 | EPSS 0.00534
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2025/03/20 6:9 p.m. | 14 views

CVE-2025-30160 Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive...

CVSS 8.7 | AI score 6.3 | EPSS 0.00534
Exploits 0 | References 3
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

Redlib code issue vulnerability

Redlib is a private front-end for Reddit open-sourced by Redlib. A code issue vulnerability exists in Redlib versions prior to 0.36.0 that stems from an attacker being able to cause a denial of service by submitting a specially crafted base2048-encoded DEFLATE decompression bomb that consumes a...

CVSS 8.7 | AI score 7.3 | EPSS 0.00534
Exploits 0 | References 3
Positive Technologies
added 2025/03/20 12:0 a.m. | 2 views

PT-2025-12367

Name of the Vulnerable Software and Affected Versions: Redlib versions prior to 0.36.0. Description: A denial-of-service condition can be triggered by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore preferences form, leading to excessive memory consumption a...

CVSS 8.7 | AI score 5.4 | EPSS 0.00534
Exploits 0 | References 16
ATTACKERKB
added 2025/01/03 1:15 a.m. | 3 views

CVE-2024-43768

In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6 | EPSS 0.00169
Exploits 0 | References 3 | Affected Software 1
AlmaLinux
added 2024/11/12 12:0 a.m. | 16 views

Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

CVSS 6.5 | AI score 5.3 | EPSS 0.01141
Exploits 1 | References 4
Rockylinux
added 2024/11/08 3:56 p.m. | 13 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. urllib3 is a powerful, user-friendly HTTP client for Python. urlli...

CVSS 6.5 | AI score 5.3 | EPSS 0.01141
Exploits 1
Fedora
added 2024/07/02 2:34 a.m. | 29 views

[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

CVSS 4.4 | AI score 7 | EPSS 0.01141
Exploits 1
Github Security Blog
added 2024/06/05 4:56 p.m. | 44 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary: An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details: The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

CVSS 8.2 | AI score 8.3 | EPSS 0.00994
Exploits 1 | References 7 | Affected Software 2
OSV
added 2024/05/23 9:28 a.m. | 16 views

USN-6736-2 klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibl...

CVSS 9.8 | AI score 6.9 | EPSS 0.51733
Exploits 2 | References 5
OSV
added 2024/04/16 11:43 a.m. | 7 views

USN-6736-1 klibc vulnerabilities

It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory whe...

CVSS 9.8 | AI score 7.1 | EPSS 0.51733
Exploits 2 | References 5
Prion
added 2024/03/02 10:15 p.m. | 14 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication. When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly...

AI score 7.4 | EPSS 0.00222
Exploits 0 | References 3
Debian CVE
added 2024/03/02 9:52 p.m. | 16 views

CVE-2023-52526

In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication. When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly...

CVSS 5.5 | AI score 4.8 | EPSS 0.00222
Exploits 0
OSV
added 2024/01/04 12:15 p.m. | 5 views

AZL-43807 CVE-2023-6992 affecting package teckit 2.5.9-4

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...

CVSS 5.5 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 1
OSV
added 2024/01/04 12:15 p.m. | 8 views

AZL-44754 CVE-2023-6992 affecting package fltk for versions less than 1.3.8-1

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...

CVSS 5.5 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 1
OSV
added 2024/01/04 12:15 p.m. | 8 views

AZL-43969 CVE-2023-6992 affecting package ogdi 4.1.0-9

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...

CVSS 5.5 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 1
OSV
added 2024/01/04 12:15 p.m. | 6 views

AZL-44811 CVE-2023-6992 affecting package clucene 2.3.3.4-40

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...

CVSS 5.5 | AI score 6.5 | EPSS 0.00235
Exploits 0 | References 1
OSV
added 2024/01/04 12:15 p.m. | 7 views

AZL-45198 CVE-2023-6992 affecting package teckit for versions less than 2.5.12-4

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression...

CVSS 5.5 | AI score 6.5 | EPSS 0.00235
Exploits 0 | References 1