181 matches found

Snyk
added 2026/03/24 2:32 a.m., 0 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ggmlnbytes function. An attacker can achieve memory corruption and potentially execute arbitrary code by supplying a specially crafted GGUF file with manipulated tensor dimensions that trigger an intege...

CVSS 8.5, AI score 6.3, EPSS 0.00477
Exploits: 1, References: 2
Snyk
added 2026/03/20 4:42 p.m., 3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the webbrowser.open function. An attacker can execute arbitrary browser command-line options by supplying a URL with leading dashes, potentially causing unintended browser behavior or security bypass...

CVSS 7.1, AI score 6.1, EPSS 0.00216
Exploits: 0, References: 2
Snyk
added 2026/03/19 5:25 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the setPassword.json.php endpoint. An attacker can gain unauthorized access to protected channels by submitting...

CVSS 9.1, AI score 5.8, EPSS 0.00342
Exploits: 1, References: 2
Snyk
added 2026/03/18 8:17 p.m., 3 views

Uncontrolled Recursion

Overview nltk, the Natural Language Toolkit (NLTK), is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decodeobj function in jsontags.py. An attacker can cause the application to crash by submittin...

CVSS 5.1, AI score 5.9
Exploits: 0, References: 3
Snyk
added 2026/03/18 12:42 a.m., 3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GroupEventJsonView endpoint. An attacker can access event data belonging to other organizations by specifying identifiers for resources outside their authorized scope. Note: This...

CVSS 7.1, AI score 5.8, EPSS 0.00241
Exploits: 1, References: 3
Snyk
added 2026/03/17 8:52 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

CVSS 9.1, AI score 5.9, EPSS 0.00246
Exploits: 0, References: 2
Snyk
added 2026/03/17 8:33 p.m., 20 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the proxy.php endpoint when handling HTTP redirects without re-validating the redirect target. An attacker can access internal...

CVSS 8.7, AI score 5.8, EPSS 0.00453
Exploits: 1, References: 2
Snyk
added 2026/03/13 6:43 p.m., 0 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in the HTML fragment parsing process when ns is set to UNDEF. An attacker can cause memory corruption by crafting input that results in a comment being created with the "unknow...

CVSS 8.2, AI score 5.8, EPSS 0.00263
Exploits: 0, References: 2
Snyk
added 2026/03/12 10:39 p.m., 2 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in WriteSIXELImage in sixel.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit Credit: Mcsky23...

CVSS 6.7, AI score 5.8, EPSS 0.00096
Exploits: 0, References: 2
Snyk
added 2026/03/12 8:41 p.m., 7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

CVSS 8.7, AI score 5.9, EPSS 0.00556
Exploits: 1, References: 2
Snyk
added 2026/03/11 12:41 p.m., 3 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in smb.c, which may reuse already freed memory from a previous SMB connection request. The window of opportunity to exploit this is small, and the region of memory exposed is small and out of the attacker's control...

CVSS 7.5, AI score 5.8, EPSS 0.00715
Exploits: 2, References: 2
Snyk
added 2026/03/10 9:5 p.m., 7 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in Magickpngwriterawprofile in the PNG encoder. An attacker can cause a heap buffer over-write and disrupt application availability or alter program behavior by supplying an image with an extremely large profile...

CVSS 8.6, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 2
Snyk
added 2026/03/10 9:2 p.m., 4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ReadMATImage function in mat.c, which mistakenly uses 32-bit arithmetic. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Release Credit: ylwango613...

CVSS 8.2, AI score 5.8, EPSS 0.00258
Exploits: 0, References: 2
Snyk
added 2026/03/08 10:0 p.m., 2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the WaveletDenoiseImage function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Red Hat Bugzilla Bug Credit: Hao Ren...

CVSS 6.8, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 2
Snyk
added 2026/03/07 4:46 p.m., 4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readdirectory function. An attacker can cause a denial of service by providing specially crafted input files that trigger an out-of-bounds read during the parsing process. Remediation A fix was pushed into the...

CVSS 5.5, AI score 5.8, EPSS 0.00179
Exploits: 1, References: 2
Snyk
added 2026/03/06 12:0 a.m., 0 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the parsing process of specially crafted ELF files with the readelf program. An attacker can cause the application to crash by convincing a user to open a malicious file. This is only exploitable if a user processes an...

CVSS 7.5, AI score 5.8, EPSS 0.00502
Exploits: 1, References: 2
Snyk
added 2026/03/04 10:9 p.m., 3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/server/shutdown endpoint handler. An attacker can repeatedly terminate the server process by sending requests to this endpoint, resulting in continuous server downtime and service disruption. Remediati...

CVSS 8.7, AI score 7.2, EPSS 0.00331
Exploits: 0, References: 2
Snyk
added 2026/03/04 6:27 p.m., 2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. Remediation A fix was pushed into...

CVSS 8.7, AI score 5.8, EPSS 0.0055
Exploits: 0, References: 2
Snyk
added 2026/03/03 12:26 a.m., 4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the getData function of the preview component when processing image metadata with an extra command line argument. An attacker can cause a crash or potentially read out-of-bounds memory by supplying specially crafte...

CVSS 7.5, AI score 5.8, EPSS 0.00367
Exploits: 0, References: 2
Snyk
added 2026/03/03 12:26 a.m., 3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the preview component when processing input with an extra command line argument such as -pp. An attacker can cause the application to crash by providing crafted input that triggers an integer overflow, leading to t...

CVSS 6.9, AI score 5.8, EPSS 0.00255
Exploits: 0, References: 2