31 matches found
AZL-38130 CVE-2024-28180 affecting package telegraf for versions less than 1.29.4-8
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2023-28119
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
SUSE-SU-2022:3617-1 Security update for netty
This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream bsc1168932 - CVE-2021-21290: Information disclosure via the local system temporary directory bsc1182103 - CVE-2021-37136: Bzip2Decoder doesn't...
CVE-2017-11235
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code...
CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...
Microsoft Windows Cinepak codec memory corruption
Memory corruption on data decompression...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and...
libpng DoS
Resources exhaustion on data decompression in pngdecompresschunk...
GLSA-200609-13 : gzip: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200609-13 gzip: Multiple vulnerabilities Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a...
gzip: Multiple vulnerabilities
Background gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility. Description Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the L...