[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.1-1.fc44

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

[SECURITY] Fedora 43 Update: rust-tar-0.4.45-1.fc43

A Rust implementation of a TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once...

[SECURITY] Fedora 41 Update: rust-astral-tokio-tar-0.5.5-1.fc41

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

SUSE CVE-2023-52501

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...

CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

LibreCAD 资源管理错误漏洞

LibreCAD is an open source CAD Computer Aided Design application from the LibreCAD organization.A resource management error vulnerability exists in LibreCad libdxfrw, which stems from the reuse of freed resources by the dxfRW::processLType function. An attacker could execute malicious code throug...

The vulnerability of the Adobe DNG Software Development Kit’s file reading and writing software lies in its ability to read data beyond the buffer boundaries, allowing an attacker to disclose protected information.

The vulnerability of the Adobe DNG Software Development Kit’s file reading and writing software relates to reading beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information using a specially crafted file...

The vulnerability of the DNG file reading and writing software developed by Adobe’s SDK lies in buffer overflow attacks in the dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the DNG file reading and writing software developed by Adobe’s SDK is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

RW-4040 driver installer may insecurely load Dynamic Link Libraries

Overview RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reporte...

OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...