[SECURITY] Fedora 40 Update: editorconfig-0.12.7-1.fc40
EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...
[SECURITY] Fedora 38 Update: editorconfig-0.12.7-1.fc38
EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...
[SECURITY] Fedora 39 Update: python-pillow-10.3.0-1.fc39
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Cisco Talos disclosed several vulnerabilities in JustSystems Ichitaro Word Processor last year. These vulnerabilities were complex and were discovered through extensive reverse engineering. CVE-2023-35126 and its peers CVE-2023-34366, CVE-2023-38127, and CVE-2023-38128 were each assessed as...
DEBIAN-CVE-2024-28565
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData function when reading images in PSD format...
CVE-2024-23138
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Potential log injection in reset user endpoint in CKAN
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupting the log file format. Patches: This has been fixed in the CKAN 2.9.11 and 2.10.4 versions. Workarounds: Override th...
[SECURITY] Fedora 40 Update: xz-java-1.9-10.fc40
A complete implementation of XZ data compression in Java. It features full support for the .xz file format specification version 1.0.4, single-threaded streamed compression and decompression, single-threaded decompression with limited random access support, raw streams (no .xz headers) for advanced...
[SECURITY] Fedora 40 Update: libreoffice-24.2.1.1-3.fc40
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
[SECURITY] Fedora 40 Update: diffoscope-257-2.fc40
diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human readable form to compare them. It can compare two tarballs, ISO images, or PDF just as easily. The...
[SECURITY] Fedora 40 Update: aqute-bnd-6.3.1-10.fc40
The bnd tool helps you create and diagnose OSGi bundles. The key functions are: - Show the manifest and JAR contents of a bundle - Wrap a JAR so that it becomes a bundle - Create a Bundle from a specification and a class path - Verify the validity of the manifest entries The tool is capable of...
CVE-2024-25091
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...
Important: Red Hat Security Advisory: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
Important: Red Hat Security Advisory: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this updat...
libLAS Security Vulnerabilities
libLAS is an open source library for reading and writing geospatial data encoded in the ASPRS laser file format versions 1.0, 1.1 and 1.2. A security vulnerability exists in libLAS version 1.8.1, which originates from a memory leak contained in /libLAS/apps/ts2las.cpp...
llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1913: llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability. February 26, 2024. CVE Number: CVE-2024-23496. SUMMARY: A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17....
llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1916: llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability. February 26, 2024. CVE Number: CVE-2024-23605. SUMMARY: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A...
llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1914: llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability. February 26, 2024. CVE Number: CVE-2024-21802. SUMMARY: A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A special...
llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1915: llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability. February 26, 2024. CVE Number: CVE-2024-21836. SUMMARY: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit...
PT-2024-9790 · Xnsoft · Xnview Classic
Name of the Vulnerable Software and Affected Versions: XnSoft XnView Classic (affected versions not specified). Description: The issue is related to an integer underflow in the analysis of RWZ files, which can be exploited by remote attackers to execute arbitrary code on affected installations of...