Lucene search
K

357 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.2 views

SUSE CVE-2007-6697

Buffer overflow in the LWZReadByte function in IMGgif.c in SDLimage before 1.2.7 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third...

7.5CVSS8.3AI score0.10731EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

9.3CVSS8.1AI score0.07089EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4298

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted comment in a GIF image...

4.3CVSS6.7AI score0.04688EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.4 views

SUSE CVE-2014-9709

The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...

5CVSS6.8AI score0.15531EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.4 views

SUSE CVE-2018-17436

ReadCode in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service invalid write access via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...

6.5CVSS6.7AI score0.01312EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.3 views

SUSE CVE-2020-10809

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service...

8.1CVSS7.8AI score0.0151EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2023/01/13 12:0 a.m.4 views

The vulnerability of the composite_frame() function in the GdkPixbuf image loading library allows a hacker to execute arbitrary code.

The vulnerability of the compositeframe function in the GdkPixbuf image loading library is related to buffer overflows during the processing of GIF format files. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.8AI score0.00748EPSS
Exploits1References15Affected Software5
Github Security Blog
Github Security Blog
added 2023/01/02 6:30 p.m.21 views

nterchange Code Injection vulnerability

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

9.8CVSS8AI score0.0086EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/01/02 6:30 p.m.33 views

GHSA-CP2P-6XH4-JMCP nterchange Code Injection vulnerability

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

9.8CVSS10AI score0.0086EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.4 views

nterchange 代码注入漏洞

nterchange is a library open source by nonfiction studios. It is used for content management. A code injection vulnerability exists in nterchange version 4.1.0 and earlier versions. Attackers exploit this vulnerability to cause code injection...

9.8CVSS6.5AI score0.0086EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.17 views

PT-2023-10188 · Unknown · Interchange

Name of the Vulnerable Software and Affected Versions: nterchange versions up to 4.1.0 Description: A critical issue affects the function getContent of the file app/controllers/code caller controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.6 views

The vulnerability of the Microsoft Visio graphical editor relates to writing beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Visio graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially created DXF and DWG files...

7.8CVSS7.9AI score0.00815EPSS
Exploits0References6
Fedora
Fedora
added 2022/12/03 1:44 a.m.26 views

[SECURITY] Fedora 36 Update: capnproto-0.9.2-1.fc36

Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is an insanely fast data interchange fo rmat and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is INFINITY TIMES faster than Protocol Buffers. Th...

5.4CVSS5.5AI score0.00852EPSS
Exploits0
NVD
NVD
added 2022/11/30 5:15 p.m.17 views

CVE-2022-46149

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...

5.4CVSS0.00852EPSS
Exploits0References6
Prion
Prion
added 2022/11/30 5:15 p.m.19 views

Out-of-bounds

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...

5.8CVSS5.2AI score0.00852EPSS
Exploits0References6Affected Software3
Cvelist
Cvelist
added 2022/11/30 12:0 a.m.78 views

CVE-2022-46149 Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...

5.4CVSS5.5AI score0.00852EPSS
Exploits0References6
CVE
CVE
added 2022/11/30 12:0 a.m.110 views

CVE-2022-46149

CVE-2022-46149 affects Cap'n Proto and its Rust crate. The vulnerability is an out-of-bounds read caused by logic errors when handling a list-of-pointer type, which can lead to a remote segfault and, with additional actions, memory exfiltration. The issue is present in inlined code and requires r...

5.4CVSS5.2AI score0.00852EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2022/11/30 12:0 a.m.22 views

CVE-2022-46149

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...

5.4CVSS5.3AI score0.00852EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/11/14 7:15 a.m.3 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS6.8AI score0.01184EPSS
Exploits0References7
PyPA
PyPA
added 2022/11/14 7:15 a.m.6 views

PYSEC-2022-42979

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS7AI score0.01184EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder