322 matches found

OSV
added 2023/09/14 8:15 a.m., 3 views

UBUNTU-CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

CVSS 5.5, AI score 6.8, EPSS 0.00489
Exploits 0, References 2
CNNVD
added 2023/08/22 12:00 a.m., 3 views

UPX security vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in versions of UPX prior to 4.0.0, which stems from a vulnerability that allows an attacker to cause a denial of service (DoS) by designing a file passed to the readx function...

CVSS 6.5, AI score 6.4, EPSS 0.00454
Exploits 0, References 2
Patchstack
added 2023/08/11 12:00 a.m., 11 views

WordPress Highcompress Image Compressor Plugin <= 6.1.2 is vulnerable to Broken Access Control

Software: Highcompress Image Compressor; Type: Plugin; Vulnerable versions: <= 6.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40209; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 99c36206c314; Credits: Abdi Pranat...

CVSS 6.5, AI score 6.5, EPSS 0.00264
Exploits 0, References 2, Affected Software 1
Openbugbounty
added 2023/07/12 2:44 a.m., 15 views

ht.augustcompressor.com Cross Site Scripting vulnerability OBB-3506162

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Cvelist
added 2023/06/15 5:15 p.m., 30 views

CVE-2023-34455 snappy-java's unchecked chunk length leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does...

CVSS 7.5, AI score 7.7, EPSS 0.01762
Exploits 1, References 5
OSV
added 2023/06/15 4:27 p.m., 24 views

CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses it. I...

CVSS 5.9, AI score 6.8, EPSS 0.01469
Exploits 0, References 7
Code423n4
added 2023/03/17 12:00 a.m., 7 views

Bytecode Compressor Contract Replay Attack.

Lines of code. Vulnerability details. Impact: Injection of duplicate code. Proof of Concept: In the markBytecodeAsPublished function, the contract does not check whether a particular hash has already been added to the storage. The contract only checks the current marker value of the hash, which is se...

AI score 6.7
Exploits 0
SUSE CVE
added 2023/02/15 6:03 a.m., 2 views

SUSE CVE-2009-1720

Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and...

CVSS 7.5, AI score 8.1, EPSS 0.06437
Exploits 1, References 5
SUSE CVE
added 2023/02/15 5:47 a.m., 2 views

SUSE CVE-2012-2098

Algorithmic complexity vulnerability in the sorting algorithms in the bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...

CVSS 5, AI score 8.8, EPSS 0.12508
Exploits 1, References 5
SUSE CVE
added 2023/02/15 4:25 a.m., 3 views

SUSE CVE-2018-14444

libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash...

CVSS 7.5, AI score 7.7, EPSS 0.01149
Exploits 0, References 3
SUSE CVE
added 2023/02/15 3:59 a.m., 2 views

SUSE CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case...

CVSS 4.4, AI score 7, EPSS 0.01807
Exploits 1, References 12
SUSE CVE
added 2023/02/15 3:44 a.m., 2 views

SUSE CVE-2021-26260

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...

CVSS 5.3, AI score 7, EPSS 0.01098
Exploits 0, References 5
NVD
added 2022/09/21 11:15 p.m., 28 views

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVSS 7.8, EPSS 0.01595
Exploits 1, References 3
Prion
added 2022/09/21 11:15 p.m., 20 views

Command injection

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVSS 4.4, AI score 7.8, EPSS 0.01595
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2022/09/21 11:10 p.m., 5 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVSS 7, AI score 8.1, EPSS 0.01595
Exploits 1, References 3
CVE
added 2022/09/21 11:10 p.m., 111 views

CVE-2022-39224

Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...

CVSS 7.8, AI score 7.3, EPSS 0.01595
Exploits 1, References 3, Affected Software 1
Cvelist
added 2022/09/21 11:10 p.m., 46 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVSS 7, AI score 8.1, EPSS 0.01595
Exploits 1, References 3
Snyk
added 2022/09/21 5:00 p.m., 1 view

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via the extract and files methods of RPM::File. Exploiting this vulnerability is possible when using the RPM::File#files and RPM::File#extract methods with a malicious payload compressor field in the RPM...

CVSS 7.8, AI score 7.2, EPSS 0.01595
Exploits 1, References 2
Github Security Blog
added 2022/09/21 5:00 p.m., 32 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...

CVSS 7.8, AI score 7.5, EPSS 0.01595
Exploits 1, References 6, Affected Software 1
OSV
added 2022/09/21 5:00 p.m., 24 views

GHSA-88CV-MJ24-8W3Q arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...

CVSS 7, AI score 7.3, EPSS 0.01595
Exploits 1, References 6