[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-2-2.0.0~beta.8-4.fc36

Go library for the TOML file format...

LibTIFF 数字错误漏洞

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF version 4.4.0. An attacker has exploited the...

AZL-45270 CVE-2022-31650 affecting package sox 14.4.2.0-34

In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in aiff.c in libsox.a...

OESA-2022-1669 libtiff security update

This libtiff provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libti...

SoX 输入验证错误漏洞

SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A security vulnerability exists in SoX version 14.4.2, which stems from a floating point exception in lsxaiffstartwrite in aiff.c in libsox.a. The vulnerability is...

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash...

ExifTool 12.23 Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

ExifTool 12.23 - Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

[SECURITY] Fedora 36 Update: zchunk-1.2.2-1.fc36

zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...

Heap overflow

An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

CVE-2020-6099

An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

CVE-2020-6099

CVE-2020-6099 affects Graphisoft BIMx Desktop Viewer 2019.2.2328. Talos confirms an exploitable heap buffer/overflow in the BIMx file format parsing code, where processing a crafted resource can lead to code execution. The vulnerability is tied to the resource parsing flow in BIMx.exe and, per Ta...

Laurent Rineau CGAL 输入验证错误漏洞

Laurent Rineau CGAL is a Laurent Rineau open source application. Provides access to geometric algorithms in the form of C ++ libraries. A code execution vulnerability exists in Laurent Rineau CGAL, which can be exploited by an attacker to cause out-of-scope reads and type obfuscation via a...

UBUNTU-CVE-2021-40402

An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file...

PT-2022-9208 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to...

PT-2022-19134 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVE-2022-25790

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution...

OESA-2022-1607 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...