
2842 matches found

PyPA
added 2021/06/02 4:15 p.m. · 4 views

PYSEC-2021-137

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la...

CVSS 9.1 · AI score 7 · EPSS 0.00343
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2021/05/21 2:28 p.m. · 1 views

GHSA-8PMX-P244-G88H Interpreter crash from `tf.io.decode_raw`

Impact: The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes.

```python
import tensorflow as tf

tf.io.decode_raw(tf.constant(["1","2","3","4"]), tf.uint16, fixed_length=4)
```

The implementation of the padded version is...

CVSS 7.1 · AI score 7.1 · EPSS 0.00011
Exploits: 1 · References: 7
CNNVD
added 2021/05/21 12:0 a.m. · 1 views

libwebp Buffer Error Vulnerability

Libwebp is a WebP image format encoding and decoding library. A security vulnerability exists in versions of Libwebp prior to 1.0.1. The vulnerability stems from a heap buffer overflow in the WebPDecodeRGBInto function, caused by an invalid check of the buffer size. An attacker can exploit the...

CVSS 9.8 · AI score 7.7 · EPSS 0.00527
Exploits: 0 · References: 28
CNNVD
added 2021/05/18 12:0 a.m. · 1 views

GNU LibreDWG Buffer Error Vulnerability

GNU LibreDWG is a C library from the GNU community for working with DWG files. LibreDWG 0.10.1 has a heap buffer overflow at libredwg-0.10.1/src/decode_r2007.c:666:5. An attacker could exploit this vulnerability to...

CVSS 5.5 · AI score 6.1 · EPSS 0.00177
Exploits: 1 · References: 2
Positive Technologies
added 2021/05/18 12:0 a.m. · 2 views

PT-2021-7750 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg versions through 2020-07-02. Description: A heap-based buffer overflow issue exists in the jfif_decode function at ffjpeg/src/jfif.c line 544 and line 545, which could cause a denial of service by submitting a malicious jpeg image. This...

CVSS 5.5 · AI score 5.6 · EPSS 0.00193
Exploits: 1 · References: 7
Positive Technologies
added 2021/05/18 12:0 a.m. · 4 views

PT-2021-10952 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2020-07-02. Description: A stack-based buffer overflow issue exists in the jfif_decode(void *ctxt, BMP *pb) function, which could cause a denial of service by submitting a malicious jpeg image. The issue is related to the...

CVSS 5.5 · AI score 5.6 · EPSS 0.00193
Exploits: 1 · References: 3
CNNVD
added 2021/05/17 12:0 a.m. · 1 views

GNU LibreDWG Buffer Error Vulnerability

LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via read_2004_section_classes at ../../src/decode.c:2440 to cause a heap buffer overflow...

CVSS 8.8 · AI score 6.1 · EPSS 0.00502
Exploits: 1 · References: 4
Positive Technologies
added 2021/05/17 12:0 a.m. · 2 views

PT-2021-10684 · Gnu · Gnu Libredwg

Name of the Vulnerable Software and Affected Versions: GNU LibreDWG version 0.10. Description: An issue in GNU LibreDWG leads to a memory leak when crafted input is processed by the dwg_decode_eed function in the decode.c file. Recommendations: For GNU LibreDWG version 0.10, at the moment, there i...

CVSS 6.5 · AI score 6.1 · EPSS 0.00383
Exploits: 1 · References: 5
OSV
added 2021/05/14 8:15 p.m. · 1 views

PYSEC-2021-251

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded...

CVSS 7.8 · AI score 5.9 · EPSS 0.00011
Exploits: 1 · References: 2
PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-251

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded...

CVSS 7.8 · AI score 7 · EPSS 0.00011
Exploits: 1 · References: 2 · Affected Software: 1
PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-740

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded...

CVSS 7.8 · AI score 7 · EPSS 0.00011
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2021/05/14 8:15 p.m. · 0 views

PYSEC-2021-740

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded...

CVSS 7.8 · AI score 7 · EPSS 0.00011
Exploits: 1 · References: 2
Debian CVE
added 2021/05/14 7:20 p.m. · 2 views

CVE-2021-29614

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded...

CVSS 7.8 · AI score 7.1 · EPSS 0.00011
Exploits: 1
CNNVD
added 2021/05/14 12:0 a.m. · 2 views

Google TensorFlow Buffer Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from an implementation of `tf.io.decode_raw` that produces incorrect...

CVSS 7.8 · AI score 7.3 · EPSS 0.00011
Exploits: 1 · References: 3
Positive Technologies
added 2021/05/14 12:0 a.m. · 3 views

PT-2021-18365 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0, TensorFlow version 2.4.2, TensorFlow version 2.3.3, TensorFlow version 2.2.3, TensorFlow version 2.1.4. Description: The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python...

CVSS 7.8 · AI score 7.5 · EPSS 0.00011
Exploits: 1 · References: 14
OSV
added 2021/05/11 12:0 a.m. · 0 views

UBUNTU-CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8 · AI score 7.3 · EPSS 0.00296
Exploits: 0 · References: 4
UbuntuCve
added 2021/05/11 12:0 a.m. · 17 views

CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8 · AI score 7.2 · EPSS 0.00296
Exploits: 0 · References: 3
OSV
added 2021/05/10 12:0 a.m. · 1 views

UBUNTU-CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i...

CVSS 9.1 · AI score 6.9 · EPSS 0.00343
Exploits: 0 · References: 5
OSV
added 2021/05/10 12:0 a.m. · 0 views

UBUNTU-CVE-2021-25287

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la...

CVSS 9.1 · AI score 6.9 · EPSS 0.00343
Exploits: 0 · References: 5
Exploit DB
added 2021/05/05 12:0 a.m. · 1170 views

Xmind 2020 - Persistent Cross-Site Scripting

Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...

AI score 7
Exploits: 0