ALSA-2025:14130 Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVE-2025-9165

A memory leak flaw was found in LibTIFF. This vulnerability affects the TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution...

GHSA-GJX4-2C7G-FM94 screenshot-desktop vulnerable to command Injection via `format` option

Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

screenshot-desktop vulnerable to command Injection via `format` option

Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

CVE-2025-9165

A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is...

Arbitrary Command Injection

Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...

CVE-2025-55294

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294

The CVE-2025-55294 issue affects the screenshot-desktop package. The vulnerability stems from the format option in the Snapshot function, where user-controlled input is interpolated into a shell command without sanitization, enabling arbitrary command execution with the caller’s privileges. Repor...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-38558 usb: gadget: uvc: Initialize frame-based format color matching descriptor

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcgframebasedmake due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca...

Medium: gstreamer1-plugins-base

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gstssaparseremoveoverridecodes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA SubStation Alpha style...

screenshot-desktop 命令注入漏洞

screenshot-desktop is a screenshot software by the individual developer Ben Evans. A command injection vulnerability exists in screenshot-desktop that stems from the format option not being cleaned of user input, which could lead to command injection...

Linux Distros Unpatched Vulnerability : CVE-2022-27337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file. CVE-2022-27337 Note tha...

Medium: gstreamer-plugins-bad-free

Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...

PT-2025-33818 · Unknown · Screenshot-Desktop

Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...

ROS-20250819-09

Vulnerability of libxml2 library's xmlSchematronFormatReport function is related to reading data outside of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XML file Vulnerability in the...