Pillow Buffer Overflow Vulnerability

Pillow is a Python based image processing library. A buffer overflow vulnerability in versions of Pillow prior to 8.1.0 causes a heap-based buffer overflow in TiffDecode when decoding specially crafted YCbCr files due to certain interpretations conflicting with LibTIFF in RGBA mode. An attacker...

DEBIAN-CVE-2020-35965

decodeframe in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations...

CVE-2020-35965

decodeframe in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations...

UBUNTU-CVE-2020-35965

decodeframe in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations...

OSV-2021-2 Heap-buffer-overflow in Imf_2_5::FastHufDecoder::decode

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29106 Crash type: Heap-buffer-overflow READ 2 Crash state: Imf25::FastHufDecoder::decode Imf25::hufUncompress Imf25::PizCompressor::uncompress...

UBUNTU-CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-22083

Python-jsonpickle allows remote code execution during deserialization of a malicious payload through the decode function...

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

DEBIAN-CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

Deserialization of untrusted data

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

PYSEC-2020-49

DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...

UBUNTU-CVE-2020-22083

DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

cryptacular: excessive memory allocation during a decode operation

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

CVE-2020-0495

In decodeHuffman of JBig2SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

CVE-2020-0495

In decodeHuffman of JBig2SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

CVE-2020-0498

In decodepackedentrynumber of codebook.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android...

Prototype Pollution

Overview conf-cfg-ini is an encode and decode ini,conf,cfg files Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be...

Moddable SDK OS Security Vulnerability

Moddable SDK is a set of software development kits SDKs for IoT embedded software development from Moddable, Inc. in the United States. A security vulnerability exists in Moddable SDK versions prior to OS200908, which originates in the moddable/xs/sources/xsCommon.c:916 fxUTF8Decode function...