CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the realtolower and outputmarks functions. An attacker can cause memory corruption and potentially crash or destabilize applications by submitting specially crafted and extremely large Unicode strings. Remediatio...
EUVD-2006-1042
Malware in sbrugna...
EUVD-2009-1628
Malware in sbrugna...
EUVD-2017-0203
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-7653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject...
Azure Linux 3.0 Security Update: unzip (CVE-2021-4217)
The version of unzip installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4217 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lea...
The vulnerability in unzip occurs due to improper handling of Unicode strings
...
GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
...
USN-7054-1 unzip vulnerability
It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary co...
USN-5615-3: SQLite vulnerability
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash...
RHEL 8 : unzip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unzip: SIGSEGV during the conversion of an utf-8 string to a local string (CVE-2022-0530) - A flaw was foun...
RHEL 7 : unzip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution (CVE-2018-1000035)...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
Amazon Linux 2023 : unzip (ALAS2023-2023-029)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-029 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially...
SUSE CVE-2006-4980
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...
SUSE CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or ...
SUSE CVE-2015-4041
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) ...
SUSE CVE-2021-33286
In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...
Amazon Linux 2 : unzip (ALAS-2023-1906)
The version of unzip installed on the remote host is prior to 6.0-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1906 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null...