4783 matches found

CNNVD
added 2022/08/16 12:0 a.m. · 1 view

XPDF Security Vulnerability

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF commit id ffaf11c has a security vulnerability: Lexer::getObjObject in /xpdf/Lexer.cc contains a global buffer overflow...

7.8 CVSS · 7.8 AI score · 0.00052 EPSS
Exploits 1 · References 2
OSV
added 2022/08/10 8:15 p.m. · 1 view

DEBIAN-CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

7.5 CVSS · 7.4 AI score · 0.00026 EPSS
Exploits 0 · References 1
OSV
added 2022/08/10 8:15 p.m. · 2 views

AZL-10531 CVE-2022-28131 affecting package golang for versions less than 1.18.5-1

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

7.5 CVSS · 6.7 AI score · 0.00026 EPSS
Exploits 0 · References 1
RedHat Linux
added 2022/08/10 10:13 a.m. · 1 view

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability...

7.5 CVSS · 7.3 AI score · 0.00179 EPSS
Exploits 1 · References 5
Vulnrichment
added 2022/08/09 8:16 p.m. · 0 views

CVE-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.3 AI score · 0.00155 EPSS
Exploits 0 · References 5
OSV
added 2022/08/05 10:15 p.m. · 3 views

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-mips has a vulnerable URL-decoding feature that...

9.8 CVSS · 6.3 AI score · 0.03266 EPSS
Exploits 1 · References 1
OSV
added 2022/08/05 10:15 p.m. · 2 views

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-arm has a vulnerable URL-decoding feature that c...

9.8 CVSS · 6.8 AI score · 0.03958 EPSS
Exploits 1 · References 1
NVD
added 2022/08/05 10:15 p.m. · 23 views

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-mips has a vulnerable URL-decoding feature that...

9.8 CVSS · 0.03266 EPSS
Exploits 1 · References 1
Prion
added 2022/08/05 10:15 p.m. · 29 views

Memory corruption

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-mips has a vulnerable URL-decoding feature that...

7.5 CVSS · 9.5 AI score · 0.03266 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2022/08/05 9:20 p.m. · 8 views

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-arm has a vulnerable URL-decoding feature that c...

5.3 CVSS · 9.5 AI score · 0.03958 EPSS
Exploits 1 · References 1
Vulnrichment
added 2022/08/05 9:20 p.m. · 8 views

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-mips has a vulnerable URL-decoding feature that...

5.3 CVSS · 9.5 AI score · 0.03266 EPSS
Exploits 1 · References 1
Cvelist
added 2022/08/05 9:20 p.m. · 32 views

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-mips has a vulnerable URL-decoding feature that...

5.3 CVSS · 9.8 AI score · 0.03266 EPSS
Exploits 1 · References 1
OSV
added 2022/08/05 11:4 a.m. · 3 views

OESA-2022-1808 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: trackheader in...

6.5 CVSS · 7.2 AI score · 0.0079 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/08/05 12:0 a.m. · 4 views

PT-2022-19151 · Unknown +1 · Freshtomato +1

Name of the Vulnerable Software and Affected Versions: FreshTomato version 2022.1 Description: A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An attacker can exploit this by sending a...

9.8 CVSS · 5.5 AI score · 0.03958 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/08/05 12:0 a.m. · 4 views

PT-2022-19150 · Unknown +1 · Freshtomato +1

Name of the Vulnerable Software and Affected Versions: FreshTomato version 2022.1 Description: A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An attacker can exploit this by sending a...

9.8 CVSS · 5.5 AI score · 0.03266 EPSS
Exploits 1 · References 4
OSV
added 2022/08/04 12:7 p.m. · 6 views

SUSE-SU-2022:2673-1 Security update for python-ujson

This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters bsc1201255. - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding bsc1201254...

7.5 CVSS · 6.6 AI score · 0.00173 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2022/08/02 12:0 a.m. · 40 views

FreeBSD : go -- decoding big.Float and big.Rat can panic (7f8d5435-125a-11ed-9a69-10c37b4ac2ea)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7f8d5435-125a-11ed-9a69-10c37b4ac2ea advisory. - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding...

7.5 CVSS · 7 AI score · 0.00113 EPSS
Exploits 1 · References 3
Snyk
added 2022/08/01 10:21 p.m. · 1 view

Uncaught Exception

Overview: std/math/big is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

8.7 CVSS · 6.9 AI score · 0.00113 EPSS
Exploits 1 · References 3
OSV
added 2022/08/01 10:21 p.m. · 17 views

GO-2022-0537 Panic when decoding Float and Rat types in math/big

Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

7.5 CVSS · 7.1 AI score · 0.00113 EPSS
Exploits 1 · References 4
Fedora
added 2022/07/30 2:0 a.m. · 12 views

[SECURITY] Fedora 36 Update: golang-github-rwcarlsen-goexif-0-0.10.20191017git9e8deec.fc36

This package provides decoding of basic exif and tiff encoded data...

2.8 AI score
Exploits 0