Lucene search

322 matches found

RubySec
added 2022/09/21 12:0 a.m. · 20 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm

Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...

7.8 CVSS · 3.2 AI score · 0.01595 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/09/21 12:0 a.m. · 11 views

PT-2022-5132 · Arr-Pm · Arr-Pm

Name of the Vulnerable Software and Affected Versions: Arr-pm versions prior to 0.0.12 Description: The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious payload compressor field. This impacts the extract and files methods of the RPM::Fil...

7.8 CVSS · 7.4 AI score · 0.01595 EPSS
Exploits 1 · References 10

OSV
added 2022/09/02 11:4 a.m. · 2 views

OESA-2022-1885 OpenEXR security update

OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to...

7.5 CVSS · 6.7 AI score · 0.0118 EPSS
Exploits 0 · References 2

OSV
added 2022/09/02 11:4 a.m. · 2 views

OESA-2022-1884 OpenEXR security update

OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to...

7.5 CVSS · 6.7 AI score · 0.0118 EPSS
Exploits 0 · References 2

CNNVD
added 2022/08/25 12:0 a.m. · 3 views

UPX buffer error vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 4.0.0, which stems from a heap-based out-of-bounds read that can be implemented by an attacker via a carefully crafted Mach-O file to the invert_pt_dynamic function of its p_lx_elf.cpp...

7.8 CVSS · 7.3 AI score · 0.00311 EPSS
Exploits 1 · References 2

CNNVD
added 2022/08/25 12:0 a.m. · 3 views

UPX buffer error vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 4.0.0, which stems from a heap-based out-of-bounds read that can be implemented by an attacker via a carefully crafted Mach-O file to the invert_pt_dynamic function of its p_lx_elf.cpp...

7.8 CVSS · 7.3 AI score · 0.00311 EPSS
Exploits 2 · References 2

CNNVD
added 2022/08/18 12:0 a.m. · 4 views

UPX numeric error vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 3.96, which stems from a floating-point exception issue found in the PackLinuxElf64::invert_pt_dynamic function of the p_lx_elf.cpp file, which can be triggered by an attacker with a crafte...

5.5 CVSS · 6.3 AI score · 0.00316 EPSS
Exploits 1 · References 3

GitHub Security Blog
added 2022/05/13 1:7 a.m. · 31 views

Uncontrolled Resource Consumption in Apache Commons Compress

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...

5 CVSS · 5.8 AI score · 0.12508 EPSS
Exploits 1 · References 31 · Affected Software 1

CNNVD
added 2022/04/14 12:0 a.m. · 4 views

AT&T Labs Xmill buffer error vulnerability

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs. A buffer error vulnerability exists in AT&T Labs' compressor XMill and decompressor XDemill, which could be exploited by an attacker to cause code execution with elevated privileges on an engineering workstation. T...

9.8 CVSS · 8.4 AI score · 0.02212 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2021/11/02 12:0 a.m. · 1 views

The vulnerability of the DwaCompressor component of the image storage software for OpenEXR files, which has a wide dynamic range of brightness levels, leads to uncontrolled resource consumption. This allows attackers to cause system failures.

The vulnerability of the DwaCompressor component of the image storage software for OpenEXR files, which supports a wide dynamic range of brightness levels, is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.5 CVSS · 6.6 AI score · 0.01153 EPSS
Exploits 0 · References 13 · Affected Software 6

OpenVAS
added 2021/08/26 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2021:2834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

10 CVSS · 9 AI score · 0.10027 EPSS
Exploits 9 · References 6

CNNVD
added 2021/08/12 12:0 a.m. · 1 views

AT&T Labs Xmill buffer error vulnerability

Xmill is an efficient compressor of XML data. A stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...

7.8 CVSS · 6 AI score · 0.00333 EPSS
Exploits 1 · References 5

BDU FSTEC
added 2021/07/13 12:0 a.m. · 3 views

The vulnerability of the DwaCompressor::Classifier::Classifier function in software for storing images with wide dynamic range brightness in OpenEXR, related to a single offset error, allows attackers to cause service interruptions.

The vulnerability of the DwaCompressor::Classifier::Classifier function in software for storing images with wide dynamic range brightness in OpenEXR is related to a single-shift error. Exploiting this vulnerability could allow an attacker to cause service failures...

6.5 CVSS · 6.7 AI score · 0.01702 EPSS
Exploits 1 · References 11 · Affected Software 3

OpenVAS
added 2021/06/09 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2018:0862-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

10 CVSS · 9 AI score · 0.10027 EPSS
Exploits 8 · References 7

OSV
added 2021/06/08 12:15 p.m. · 1 views

UBUNTU-CVE-2021-26260

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...

5.5 CVSS · 6.8 AI score · 0.01098 EPSS
Exploits 0 · References 7

CNVD
added 2021/01/20 12:0 a.m. · 1 views

DLL hijacking vulnerability in FlyPress compression software

Flying Pressure Compressor is a compression and decompression software. FlyPress Compressor has a DLL hijacking vulnerability that can be exploited by attackers to gain control of the server...

7.4 AI score
Exploits 0

Positive Technologies
added 2021/01/16 12:0 a.m. · 5 views

PT-2021-4596 · Openexr +4 · Openexr +4

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: The issue is related to an integer overflow leading to a heap-buffer overflow in the DwaCompressor component of OpenEXR. This flaw can be exploited by an attacker to crash an application compiled...

8.8 CVSS · 6.1 AI score · 0.02291 EPSS
Exploits 5 · References 134

Positive Technologies
added 2021/01/08 12:0 a.m. · 6 views

PT-2021-4553 · Openexr +4 · Openexr +4

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: The issue is related to an integer overflow leading to a heap-buffer overflow in the DwaCompressor component of OpenEXR. This flaw can be exploited by an attacker to cause a denial of service,...

8.8 CVSS · 6.2 AI score · 0.02291 EPSS
Exploits 5 · References 133

CNVD
added 2020/10/29 12:0 a.m. · 3 views

LEPTON ma*** function has a heap out-of-bounds write vulnerability

LEPTON is a new lossless compression algorithm open-sourced by Dropbox, capable of lossless compression of JPEG images by an average of 22%. A heap out-of-bounds write vulnerability exists in the LEPTON ma function. An attacker can exploit this vulnerability to cause a program crash...

7 AI score
Exploits 0

OpenVAS
added 2020/10/11 12:0 a.m. · 26 views

Fedora: Security Advisory for golang-github-andybalholm-brotli (FEDORA-2020-e21bd401ad)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS · 7 AI score · 0.03243 EPSS
Exploits 0 · References 2