Code injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

K44503763: libcurl vulnerability CVE-2016-8617

Security Advisory Description The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPTUSERNAME. CVE-2016-8617 Impact This vulnerability may allow an attacker to overwrite memory behind the...

PT-2023-19944 · Geotools · Geotools

Name of the Vulnerable Software and Affected Versions: GeoTools versions prior to 27.4 GeoTools versions prior to 28.2 Description: GeoTools is an open source Java library that provides tools for geospatial data. It includes support for OGC Filter expression language parsing, encoding and executi...

PT-2023-36029 · Hdf5 · Hdf5

Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: A heap buffer overflow issue has been identified, which can cause a crash. The crash occurs due to a WRITE 1 heap-buffer-overflow. The functions involved in the crash include H5O mtime new...

Mozilla: Out of bounds memory write from EncodeInputStream

The Mozilla Foundation Security Advisory describes this flaw as: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write...

Mozilla: Out of bounds memory write from EncodeInputStream

The Mozilla Foundation Security Advisory describes this flaw as: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write...

SUSE CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...

SUSE CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...

SUSE CVE-2009-5030

The tcdfreeencode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid...

SUSE CVE-2010-2097

The 1 iconvmimedecode, 2 iconvsubstr, and 3 iconvmimeencode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the call time pass by...

SUSE CVE-2011-0495

Stack-based buffer overflow in the asturiencode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary...

SUSE CVE-2011-2939

Off-by-one error in the decodexs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service memory corruption via a crafted Unicode string, which triggers a heap-based buffer overflow...

SUSE CVE-2011-4324

The encodeshareaccess function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service BUG and system crash by using the mknod system call with a pathname on an NFSv4 filesystem...

SUSE CVE-2016-2327

libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .avi file, related to the apngencodeframe and encodeapng...

SUSE CVE-2016-3076

Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service memory corruption via a crafted Jpeg2000 file...

SUSE CVE-2016-3620

The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

SUSE CVE-2016-3621

The LZWEncode function in tiflzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

SUSE CVE-2016-6296

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

SUSE CVE-2017-14039

A heap-based buffer overflow was discovered in the opjt2encodepacket function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact...

SUSE CVE-2017-18246

The pcmencodeframe function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted media file...