
159 matches found

CVE
added 2026/03/26 12:33 a.m. | 5 views

CVE-2026-33287

CVE-2026-33287 is not active by itself; connected advisory GHSA-6Q5M-63H6-5X4V documents a concrete vulnerability in LiquidJS. The issue lies in the replace_first filter: it delegates to String.prototype.replace() and charges memoryLimit only for the input, allowing exponential growth of the outp...

CVSS 7.5 | AI score 5.8 | EPSS 0.00039
Exploits 1 | References 2 | Affected Software 1
OSV
added 2026/03/25 5:44 p.m. | 0 views

GHSA-6Q5M-63H6-5X4V LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary: The replace_first filter in LiquidJS uses JavaScript's String.prototype.replace, which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

CVSS 7.5 | AI score 6 | EPSS 0.00039
Exploits 1 | References 4
Snyk
added 2025/08/27 6:47 p.m. | 1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the regular expression matching engine due to missing boundary restoration in SCS. An attacker can cause a heap buffer over-read and potentially disclose sensitive information or cause a denial of service by...

CVSS 9.1 | AI score 6.8 | EPSS 0.00056
Exploits 1 | References 3
CNNVD
added 2025/05/01 12:0 a.m. | 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a leak in the inode list during btrfs backreference traversal, which could lead to a memory leak...

CVSS 5.5 | AI score 6.2 | EPSS 0.0005
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 5:33 a.m. | 0 views

SUSE CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regula...

CVSS 7.5 | AI score 7.7 | EPSS 0.00749
Exploits 0 | References 3
RedHat Linux
added 2020/11/04 12:53 a.m. | 0 views

pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode

An out-of-bounds read was discovered in PCRE when the pattern "\X" is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to crash the application...

CVSS 7.5 | AI score 7.1 | EPSS 0.00089
Exploits 1 | References 4
CNVD
added 2020/06/03 12:0 a.m. | 2 views

ZNC Code Issue Vulnerability

ZNC is a set of IRC proxies that allow users to log in to IRC servers from their workstations. A code issue vulnerability exists in ZNC 1.8.0 and later fixed in version 1.8.1-rc1. An attacker can exploit this vulnerability to cause the application to crash when echo-message is not enabled and no...

CVSS 6.5 | AI score 7 | EPSS 0.01008
Exploits 0 | References 1
OpenVAS
added 2020/01/23 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2019-2419)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 8.1 | EPSS 0.00749
Exploits 3 | References 2
OSV
added 2020/01/14 5:15 p.m. | 1 views

DEBIAN-CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...

CVSS 5.5 | AI score 6.8 | EPSS 0.00569
Exploits 1 | References 1
Tenable Nessus
added 2019/12/18 12:0 a.m. | 34 views

EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2648)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum,...

CVSS 7.8 | AI score 7.3 | EPSS 0.00749
Exploits 3 | References 4
CNVD
added 2019/08/26 12:0 a.m. | 2 views

Google Android System Null Pointer Dereference Vulnerability (CNVD-2019-41023)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A security vulnerability exists in the wifi hotspot service in Android version 10. An attacker can exploit this vulnerability to cause a denial of service null pointer backreference...

CVSS 7.5 | AI score 6.6 | EPSS 0.00501
Exploits 0 | References 1
CNVD
added 2019/03/15 12:0 a.m. | 2 views

libwebm Null Pointer Backreference Vulnerability

libwebm is an open source network media file codec library. A null pointer back-reference vulnerability exists in the 'OutputCluster' and 'OutputTracks' functions of the webminfo.cc file in versions of libwebm prior to 2019-03-08. A remote attacker can exploit this vulnerability to cause a denia...

CVSS 7.5 | AI score 6.8 | EPSS 0.00336
Exploits 0 | References 1
CNVD
added 2019/03/14 12:0 a.m. | 2 views

GNU LibreDWG null pointer back-reference vulnerability (CNVD-2019-12550)

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the 'dwgdxfLEADER' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.01778
Exploits 1 | References 1
CNVD
added 2019/03/14 12:0 a.m. | 3 views

GNU LibreDWG Null Pointer Backreference Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the '.spec' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.01778
Exploits 1 | References 1
CNVD
added 2019/03/11 12:0 a.m. | 2 views

LibOFX Null Pointer Backreference Vulnerability

LibOFX is a library that allows programs to support OFX financial data bi-directional exchange command responses. A null pointer back-reference vulnerability exists in the 'OFXApplication::startElement' function in the lib/ofxsgml.cpp file in LibOFX version 0.9.14. No detailed vulnerability detai...

CVSS 8.8 | AI score 7 | EPSS 0.00698
Exploits 1 | References 1
CNVD
added 2018/12/24 12:0 a.m. | 1 views

libming 'strlenext' function null pointer backreference vulnerability

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A null pointer back-reference vulnerability exists in the 'strlenext' function of the decompile.c file in libming version 0.4.8. An attacker c...

CVSS 8.8 | AI score 6.8 | EPSS 0.0034
Exploits 1 | References 1
CNVD
added 2018/12/24 12:0 a.m. | 2 views

libming 'getInt' function null pointer backreference vulnerability

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A null pointer back-reference vulnerability exists in the 'getInt' function of the decompile.c file in libming version 0.4.8. An attacker can...

CVSS 8.8 | AI score 6.8 | EPSS 0.00196
Exploits 1 | References 1
CNVD
added 2018/12/24 12:0 a.m. | 1 views

Null Pointer Backreference Vulnerability in libming 'newVar3' Function

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A null pointer back-reference vulnerability exists in the 'newVar3' function of the decompile.c file in libming version 0.4.8. An attacker can...

CVSS 8.8 | AI score 6.8 | EPSS 0.0034
Exploits 1 | References 1
CNVD
added 2018/12/24 12:0 a.m. | 1 views

libming 'pushdup' function null pointer backreference vulnerability

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A null pointer back-reference vulnerability exists in the 'pushdup' function in the decompile.c file in libming version 0.4.8. An attacker can...

CVSS 8.8 | AI score 6.8 | EPSS 0.0034
Exploits 1 | References 1
CNVD
added 2018/12/24 12:0 a.m. | 1 views

LibRaw 'copy_bayer' function null pointer backreference vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW (CRW/CR2, NEF, RAF, DNG and others) format images. A null pointer back-reference vulnerability exists in the 'copy_bayer' function of the librawcxx.cpp file in LibRaw version 0.19.1. An attacker can exploit this vulnerability to...

CVSS 6.5 | AI score 9.1 | EPSS 0.0049
Exploits 1 | References 1