118 matches found
SUSE CVE-2021-3630
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...
SUSE CVE-2021-4090
An out-of-bounds OOB memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmvalbmlen-1 in nfsd4decodebitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system...
Buffer Overlow in TSS2_RC_Decode in tpm2-tss
...
CVE-2022-45332
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decodepreR13sectionhdr at decoder11.c...
Denial Of Service (DoS)
decode-uri-component is vulnerable to Denial Of Service DoS. A remote attacker is able to cause denial of service conditions via sending a malicious payload through the decode function in index.js due to improper input validation...
Cookie Injection
react/http is vulnerable to cookie injection. The vulnerability exists due to a lack of sanitization in the decode function in urldecode in Message/ServerRequest.php allowing an attacker to counterfeit cookies...
GHSA-J66Q-QMRC-89RX jsonpickle unsafe deserialization
jsonpickle through 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode function. This CVE is disputed by the project author as intended functionality...
CVE-2020-18773
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
Exiv2 Invalid Memory Access Vulnerability
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. An invalid memory access vulnerability exists in the decode function in iptc.cpp in Exiv2 version 0.27.99.0. An attacker could exploit the vulnerability to cause a denial of service via a specially crafted t...
CVE-2020-18773
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
PYSEC-2021-883
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
Design/Logic Flaw
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
CVE-2020-18773
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
PT-2021-3527 · Djvulibre +4 · Djvulibre +4
Name of the Vulnerable Software and Affected Versions: DjVuLibre versions prior to 3.5.28 Description: An out-of-bounds write issue was found in the DJVU::DjVuTXT::decode function in DjVuText.cpp via a crafted djvu file, which may lead to a crash and segmentation fault. This flaw can be exploited...
DEBIAN-CVE-2021-32493
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...
PT-2021-10684 · Gnu · Gnu Libredwg
Name of the Vulnerable Software and Affected Versions: GNU LibreDWG version 0.10 Description: An issue in GNU LibreDWG leads to a memory leak when crafted input is processed by the dwg decode eed function in the decode.c file. Recommendations: For GNU LibreDWG version 0.10, at the moment, there i...
ezXML 缓冲区错误漏洞
ezXML is a C library for parsing XML documents . A heap buffer overflow vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmldecode function when parsing a specially crafted XML file. An attacker could exploit this...
CVE-2020-22083
Python-jsonpickle allows remote code execution during deserialization of a malicious payload through the decode function...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
DEBIAN-CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...