Lucene search
K

4 matches found

OSV
OSV
added 2026/07/06 3:28 p.m.6 views

BIT-PYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
Amazon
Amazon
added 2026/05/14 12:0 a.m.18 views

Important: python3

Issue Overview: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. CVE-2026-4786 Use-after-free UAF wa...

9.1CVSS7.5AI score0.00579EPSS
Exploits0
OSV
OSV
added 2026/04/13 5:15 p.m.2 views

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS7.2AI score0.00579EPSS
Exploits0References56
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.2 views

SUSE CVE-2010-0405

Integer overflow in the BZ2decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted compressed file...

5.1CVSS8AI score0.03297EPSS
Exploits0References5
Rows per page
Query Builder