CVE-2021-44005

A vulnerability has been identified in JT2Go All versions V13.2.0.5, Teamcenter Visualization All versions V13.2.0.5. The TiffLoader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code ...

PT-2021-5529 · Adobe · Media Encoder

Name of the Vulnerable Software and Affected Versions: Adobe Media Encoder versions 22.0, 15.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe Media Encoder when processing 3GP files. This could lead to the disclosure of sensitive memory. An attacke...

Siemens JT Utilities 资源管理错误漏洞

JT is a publicly released data format developed by Siemens Digital Industry Software.JT Open Toolkit also known as JTTK is developer-oriented application programming interface API JT-enabled software.JT Open Toolkit is a read and write toolkit.JT Utilities and JTTK file parsing vulnerabilities. A...

Metasploit Wrap-Up

Word and Javascript are a rare duo. Thanks to thesunRider. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...

Bentley Systems Bentley View 缓冲区错误漏洞

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View is vulnerable to an out-of-bounds write vulnerability that stems from a boundary error when handling JT files. An attacker could exploit the vulnerability to create a specially crafted JT file and trick a victim into opening th...

Bentley Systems Bentley View 缓冲区错误漏洞

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View is vulnerable to a buffer overflow vulnerability caused by incorrect boundary checking when parsing JT files. An attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code on the system...

Bentley Systems Bentley View 缓冲区错误漏洞

Bentley View is a free viewer from Bentley Systems, U.S.A. Bentley View is vulnerable to a buffer overflow vulnerability that stems from a boundary error when handling JT files. An attacker could exploit the vulnerability to create a specially crafted JT file and trick a victim into opening the...

PT-2021-22891 · Gerbv +3 · Gerbv +3

Name of the Vulnerable Software and Affected Versions: Gerbv version 2.7.0 Gerbv dev commit b5f1eacd Gerbv forked version commit 71493260 Description: An out-of-bounds write issue exists in the drill format T-code tool number functionality. A specially-crafted drill file can lead to code executio...

LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...

ExifTool Remote Code Execution Vulnerability

Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVE-2021-43336

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file an invalid number of properties can trigger a write operation pas...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for the . An "out...

ODAViewer 缓冲区错误漏洞

Open Design Alliance OdaViewer is a viewer from Open Design Alliance, USA. It is used for visualization of all Oda supported file formats and other visualization related functions. A security vulnerability exists in ODAViewer that stems from the fact that carefully crafted data in a DWF file can...

Gerbv drill format T-code tool number out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...

PT-2021-4982 · Adobe · Audition

Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 14.4 and earlier Description: The issue is related to a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

What is an .exe file? Is it the same as an executable?

You may often see .exe files but you may not know what they are. Is it the same as an executable file? The short answer is no. So whats the difference? What is an .exe file? Exe in this context is a file extension denoting an executable file for Microsoft Windows. Windows file names have two part...

Code injection

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:...

Siemens Solid Edge 缓冲区错误漏洞

Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. buffer out-of-bounds read vulnerability exists in versions prior to Siemens Solid Edge SE2021MP8. An attacker can exploit the vulnerability to disclose information in the context of the current process...

[SECURITY] Fedora 34 Update: python-pillow-8.1.2-5.fc34

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

CVE-2021-33698

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files including script files without the proper file format validation...