10 matches found
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious sequences that decode to canonical characters. This is only...
GHSA-Q6X5-8V7M-XCRF protobufjs has overlong UTF-8 decoding
Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
protobufjs has overlong UTF-8 decoding
Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
Linux Distros Unpatched Vulnerability : CVE-2025-46646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gputf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gputf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gputf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
UBUNTU-CVE-2025-46646
In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...
ALPINE-CVE-2024-46954
An issue was discovered in decodeutf8 in base/gputf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...
php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
Integer overflow in the xmlutf8decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting XSS and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...