105 matches found
PT-2025-15093
Name of the Vulnerable Software and Affected Versions: AnyDesk (affected versions not specified) Description: The issue concerns a remote code execution (RCE) exploit. Technical details include the use of a vxproj file, conversion to vbs and then to a ps1 PowerShell script, and involvement of an asar fil...
Linux Distros Unpatched Vulnerability : CVE-2017-15371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of servic...
Linux Distros Unpatched Vulnerability : CVE-2017-15370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attac...
CVE-2025-22131
PhpSpreadsheet CVE-2025-22131 is an XSS in generateNavigation() during XLSX-to-HTML conversion when sheet names are not escaped for multi-sheet files. Affects PhpSpreadsheet versions prior to 2.2.2, 2.1.2, and 1.29.4; PoCs exist showing cookie-exfiltration via HTML navigation. Root cause: unsanit...
CVE-2025-22131 Cross-Site Scripting (XSS) vulnerability in generateNavigation() function
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into an HTML representation and displays it in the response...
CBL Mariner 2.0 Security Update: sox (CVE-2017-15371)
The version of sox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-15371 advisory. - There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2...
A vulnerability in tools for converting files between different formats, such as PS/IGES Parasolid Translator, arises from an operation exceeding the boundaries of a buffer in memory. This vulnerability allows an attacker to execute arbitrary code.
A vulnerability in the PS/IGES Parasolid Translator tools for converting files between different formats is related to operations performed beyond the boundaries of a buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
A vulnerability in tools for converting files between different formats, such as PS/IGES Parasolid Translator, arises from an operation exceeding the boundaries of a buffer in memory. This vulnerability allows an attacker to execute arbitrary code.
A vulnerability in the PS/IGES Parasolid Translator tools for converting files between different formats lies in operations performed beyond the boundaries of a buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by opening specially crafted IGS files...
SUSE-SU-2023:4251-1 Security update for vorbis-tools
This update for vorbis-tools fixes the following issues: - CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. bsc1215942...
SUSE-SU-2023:4218-1 Security update for vorbis-tools
This update for vorbis-tools fixes the following issues: - CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. bsc1215942...
A vulnerability in free_stream in the utility for converting files with the .fig and .fig2dev extensions involves a memory reclamation error, which allows an attacker to cause a service failure.
A vulnerability in the free_stream function of the file conversion utility for files with the .fig and .fig2dev extensions is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2020-17354
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, sa...
SUSE CVE-2012-2107
Integer overflow in the main function in util/lpcimain.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow...
SUSE CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
SUSE CVE-2018-17435
A heap-based buffer over-read in H5O_attr_decode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to a GIF file...
CVE-2022-29851
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document...
PT-2022-19878 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions through 7.10.6 Description: The issue allows OS Command Injection in a non-default configuration where ghostscript is used, because file conversion may occur for an EPS document disguised as a PDF document...
CVE-2022-1115
A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service...