Lucene search
K

44 matches found

Prion
Prion
added 2021/08/20 10:15 p.m.18 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

7.5CVSS9.6AI score0.01136EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/20 9:3 p.m.28 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

8.1CVSS9.9AI score0.01136EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/20 9:3 p.m.36 views

CVE-2021-21827

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...

8.1CVSS9.8AI score0.01136EPSS
Exploits1References1
CVE
CVE
added 2021/08/20 9:3 p.m.58 views

CVE-2021-21827

CVE-2021-21827 is a heap-based buffer overflow vulnerability in AT&T Labs Xmill 0.7, triggered by DecodeTreeBlock during XMI decompression. The vulnerability arises when a UINT32 read from the input is used as the length for a buffer during various decode paths, leading to unsafe copies via memcp...

9.8CVSS9.6AI score0.01136EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/20 9:2 p.m.31 views

CVE-2021-21826

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...

8.1CVSS9.9AI score0.01136EPSS
Exploits1References1
CVE
CVE
added 2021/08/20 9:2 p.m.69 views

CVE-2021-21826

CVE-2021-21826 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, within XML Decompression DecodeTreeBlock. A crafted XMI file triggers a UINT32-derived length for an internal buffer, enabling a attacker-controlled input to overflow. The initial description confirms the vulnerability, includ...

9.8CVSS9.5AI score0.01136EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/08/18 1:15 p.m.23 views

CVE-2021-21825

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS0.02274EPSS
Exploits1References1
Prion
Prion
added 2021/08/18 1:15 p.m.22 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

7.5CVSS9.8AI score0.02274EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/18 12:52 p.m.28 views

CVE-2021-21825

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS10AI score0.02274EPSS
Exploits1References1
OSV
OSV
added 2021/08/13 7:15 p.m.6 views

CVE-2021-21829

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.8AI score0.02545EPSS
Exploits1References1
NVD
NVD
added 2021/08/13 7:15 p.m.22 views

CVE-2021-21830

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS0.02274EPSS
Exploits1References1
NVD
NVD
added 2021/08/13 7:15 p.m.25 views

CVE-2021-21829

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS0.02545EPSS
Exploits1References1
Prion
Prion
added 2021/08/13 7:15 p.m.19 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

7.5CVSS9.8AI score0.02274EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/13 6:17 p.m.30 views

CVE-2021-21829

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS10AI score0.02545EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/13 6:16 p.m.31 views

CVE-2021-21830

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS10AI score0.02274EPSS
Exploits1References1
CVE
CVE
added 2021/08/13 6:16 p.m.98 views

CVE-2021-21830

AT&T Labs Xmill 0.7 contains a heap-based buffer overflow in the XML Decompression LabelDict::Load path that can be triggered by a crafted XMI file, leading to remote code execution. CVE-2021-21830 is the assigned identifier for this vulnerability, with Red Hat and CVE listings reiterating the sa...

9.8CVSS9.8AI score0.02274EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2021/08/10 12:0 a.m.66 views

AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities

Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...

8.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/08/10 12:0 a.m.6 views

PT-2021-7820 · At&T · At&T Labs Xmill

Name of the Vulnerable Software and Affected Versions: AT&T Labs Xmill version 0.7 Description: A heap-based buffer overflow issue exists in the XML Decompression DecodeTreeBlock functionality. Within DecodeTreeBlock, which is called during the decompression of an XMI file, a UINT32 is loaded fro...

9.8CVSS8.6AI score0.01136EPSS
Exploits1References13
Talos
Talos
added 2021/08/10 12:0 a.m.50 views

AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.3AI score0.02545EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.8 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem function in AT&T Labs Xmill version 0.7. An attacker could exploit the vulnerability to remotely execute code...

9.8CVSS7.8AI score0.02274EPSS
Exploits1References4
Rows per page
Query Builder