CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVE-2020-6089

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

Security update for tiff

This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

MGASA-2025-0031 Updated clamav packages fix security vulnerability

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. CVE-2025-20128...

Updated clamav packages fix security vulnerability

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. CVE-2025-20128...

Fedora: Security Advisory (FEDORA-2024-ccdbd92d7b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-34647 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

PT-2025-34640 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

The Windows Registry Adventure #5: The regf file format

Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series "A brief history of the feature", the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special,...

CVE-2024-12670

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

Autodesk Navisworks 安全漏洞

Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Navisworks, which can be exploited to cause a crash, data corruption, or execution of arbitrary code in the...

PT-2024-10222 · Document Foundation +5 · Libreoffice +5

Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to an improper limitation of a pathname to a restricted directory, allowing absolute path traversal. An attacker can write to arbitrary locations, albeit suffixed with...

PT-2024-39305 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2025.10 Description: An out-of-bounds write issue was discovered in the Open Design Alliance Drawings SDK. This issue can be triggered by reading a crafted DWF file and missing proper checks...

CVE-2024-11522

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

UBUNTU-CVE-2024-53432

While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::outofrange exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service DoS attack when processing untrusted PLY files...

PT-2024-35739 · Pcl +3 · Pcl +3

Name of the Vulnerable Software and Affected Versions: PCL version 1.14.1 Description: The issue occurs when parsing certain malformed PLY files, causing PCL to crash due to an uncaught std::out of range exception in PCLPointCloud2::at. This could potentially be exploited to cause a...

CLSA-2024-1731341386 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...