GTKWave LXT2 lxt2_rd_expand_integer_to_bits stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1827 GTKWave LXT2 lxt2rdexpandintegertobits stack-based buffer overflow vulnerability January 8, 2024 CVE Number CVE-2023-38583 SUMMARY A stack-based buffer overflow vulnerability exists in the LXT2 lxt2rdexpandintegertobits function of GTKWave 3.3.115. A...

GTKWave LXT2 lxt2_rd_trace value elements allocation integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1821 GTKWave LXT2 lxt2rdtrace value elements allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35057 SUMMARY An integer overflow vulnerability exists in the LXT2 lxt2rdtrace value elements allocation functionality of GTKWave 3.3.11...

GTKWave VZT LZMA_read_varint out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1811 GTKWave VZT LZMAreadvarint out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-36861 SUMMARY An out-of-bounds write vulnerability exists in the VZT LZMAreadvarint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead ...

libredwg Security Vulnerabilities

libredwg is a free implementation of the DWG file format. A security vulnerability exists in libredwg versions prior to 0.12.5.6384, which stems from an out-of-bounds read problem in section-numpages in decoder2007.c. The vulnerability is caused by a read-over-bounds problem in section-numpages...

gstreamer: MXF demuxer use-after-free vulnerability

A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution...

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF, which stems from a lack of memory, where passing a carefully crafted tiff file to the TIFFOpen AP...

GPAC Security Vulnerabilities

GPAC is an open source multimedia framework. GPAC suffers from a security vulnerability that stems from the presence of a memory leak vulnerability that allows an attacker to cause a denial of service DoS via a crafted MP4 file...

[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

PT-2023-35567 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash occurs in the dxf header read and dwg read dxf functions, as indicated by the crash...

UBUNTU-CVE-2023-46927

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gfisomusecompactsize gpac/src/isomedia/isomwrite.c:3403:3 in gpac/MP4Box...

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created USDA file...

Ubuntu 16.04 ESM : ExifTool vulnerability (USN-4987-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4987-2 advisory. USN-4987-1 fixed a vulnerability in ExifTool. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

Pyxamstore - Python Utility For Parsing Xamarin AssemblyStore Blob Files

This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and repackaging assemblies.blob and assemblies.manifest Xamarin files from an APK. Installing Run the installer script: python setup.py install You can then use the tool by calling...

Important: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF that stems from a memory leak when tiffcrop operates on TIFF image files, causing the application ...

PT-2023-5634 · Gstreamer +9 · Gstreamer +9

Name of the Vulnerable Software and Affected Versions: GStreamer affected versions not specified Description: The issue is related to an integer overflow in the parsing of MXF video files, which can result from the lack of proper validation of user-supplied data. This can lead to an integer...

The vulnerability of the 3D Builder software, related to the execution of operations beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the 3D Builder software for designing and preparing objects for 3D printing is related to the execution of operations beyond the buffer boundaries in memory when processing GLB files. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading a...

The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system, related to buffer overflow in the stack, allows a attacker to execute arbitrary code.

The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization product lifecycle management system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created WRL file...

Imaging Input Validation Error Vulnerability

Imaging is a simple Go image processing package from the individual developer Grigory Dryapak. A security vulnerability exists in Imaging version 1.6.2, which stems from a vulnerability that allows an attacker to cause a panic in the scanning functionality of Scanner.go via a crafted TIFF file...

The vulnerability of the 3D viewing tool JT JT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the design and simulation tools set by Siemens Solid Edge allows a malicious actor to execute arbitrary code within the context of the current process.

The vulnerability of the 3D viewing tool JT JT2Go, the product lifecycle management system Teamcenter Visualization, and the design and simulation tools set by Siemens Solid Edge relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker t...