40 matches found
CVE-2022-25515
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25515
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25516
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbttfindtable at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
Heap overflow
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
Heap overflow
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbttfindtable at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
UBUNTU-CVE-2022-25515
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
UBUNTU-CVE-2022-25514
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
UBUNTU-CVE-2022-25516
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbttfindtable at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
PT-2022-17343 · Unknown · Stb Truetype.H
Name of the Vulnerable Software and Affected Versions: stb truetype.h version 1.26 Description: A heap-buffer-overflow issue was discovered in the ttUSHORT function at stb truetype.h. It is noted that the source code includes a disclaimer stating it should only be used with trusted input. A third...
PT-2022-17344 · Unknown · Stb Truetype.H
Name of the Vulnerable Software and Affected Versions: stb truetype.h version 1.26 Description: A heap-buffer-overflow issue was discovered in stb truetype.h via the function ttULONG. It is noted that the source code includes a disclaimer stating it should only be used with trusted input. A third...
CVE-2022-25515
Removed by vendor...
CVE-2022-25516
Removed by vendor...
CVE-2021-21827
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
SUSE-SU-2019:13977-1 Security update for python-numpy
This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allowpickle to false by default to restrict loading untrusted content bsc1122208. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing...
RUSTSEC-2018-0006 Uncontrolled recursion leads to abort in deserialization
Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...