XLMMacroDeobfuscator - Extract And Deobfuscate XLM Macros (A.K.A Excel 4.0 Macros)

XLMMacroDeobfuscator can be used to decode obfuscated XLM macros also known as Excel 4.0 macros. It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports both xls, xlsm, and xlsb formats. It uses xlrd2, pyxlsb2 and its own parser to extract cell...

DEBIAN-CVE-2021-38171

adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, which is a necessary step because the second argument to initgetbits can be crafted...

CVE-2021-21827

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

PT-2021-7360 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.13 Description: The issue is related to a slab out-of-bounds write in the decode data function of the drivers/net/hamradio/6pack.c component in the Linux kernel. This can be exploited to gain access to...

PT-2021-7820 · At&T · At&T Labs Xmill

Name of the Vulnerable Software and Affected Versions: AT&T Labs Xmill version 0.7 Description: A heap-based buffer overflow issue exists in the XML Decompression DecodeTreeBlock functionality. Within DecodeTreeBlock, which is called during the decompression of an XMI file, a UINT32 is loaded fro...

Denial Of Service (DoS)

djvulibre:edge is vulnerable to denial of service. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

OESA-2021-1304 openvswitch security update

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. Security Fixes: Open vSwitch aka openvswitch 2.11.0 through 2.15.0 has a use-after-free in decodeNXASTRAWENCAP called from ofpactdecode and ofpactsdecode during the decoding of a...

OESA-2021-1303 libass security update

libass is a portable subtitle renderer for the ASS/SSA Advanced Substation Alpha/Substation Alpha subtitle format. It is mostly compatible with VSFilter. Security Fixes: libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the...

Industrial Light And Magic（lim） OpenEXR 输入验证错误漏洞

Industrial Light And Magic lim OpenEXR is an image file format for high dynamic range HDR images from Industrial Light and Magic LIM Industrial Light And Magic lim, USA. A security vulnerability exists in OpenEXR version 0.9.5, which stems from an integer overflow override in...

DEBIAN-CVE-2021-3246

A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file...

DEBIAN-CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction...

PT-2021-6688 · Libass +2 · Libsass +2

Name of the Vulnerable Software and Affected Versions: libass versions 0.15.x through 0.15.0 Description: The issue is related to the decode chars function of the libass subtitle renderer, which is used for ASS/SSA formats. It involves the use of an incorrect integer data type for subtraction,...

OESA-2021-1266 djvulibre security update

DjVu is a set of compression technologies, a file format, and a software platform for the deliveryover the Web of digital documents, scanned documents, and high resolution images.DjVu documents download and display extremely quickly, and look exactly the same on all platforms with no compatibilit...

CVE-2020-23707

A heap-based buffer overflow vulnerability in the function okjpgdecodeblockprogressive at okjpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service DOS via a crafted jpeg file...

PT-2021-10932 · Unknown · Ok-File-Formats

Name of the Vulnerable Software and Affected Versions: ok-file-formats through 2020-06-26 Description: A heap-based buffer overflow issue in the ok jpg decode block progressive function at ok jpg.c:1054 allows attackers to cause a Denial of Service DOS via a crafted jpeg file. Recommendations: Fo...

JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm

With the global increase in JSON Web Token JWT usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementatio...

OSV-2021-907 Heap-buffer-overflow in decode_header_value_literal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35675 Crash type: Heap-buffer-overflow READ 1 Crash state: decodeheadervalueliteral decodeheader h2ohpackparserequest...

DEBIAN-CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...

CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...