
4742 matches found

RedhatCVE
added 2020/01/05 9:38 p.m. · 32 views

CVE-2018-14550

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function gettoken in pnm2png.c in pnm2png...

CVSS 8.8 · AI score 4.6 · EPSS 0.01831
Exploits: 1 · References: 2

OSV
added 2020/01/03 1:15 a.m. · 24 views

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 · AI score 3.6
Exploits: 0 · References: 5

OSV
added 2020/01/03 1:15 a.m. · 0 views

UBUNTU-CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...

CVSS 7.1 · AI score 7.1 · EPSS 0.00571
Exploits: 0 · References: 4

Prion
added 2020/01/03 1:15 a.m. · 21 views

Integer overflow

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 6.8 · AI score 8.4 · EPSS 0.00608
Exploits: 0 · References: 5 · Affected Software: 3

PyPA
added 2020/01/03 1:15 a.m. · 5 views

PYSEC-2020-81

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 · AI score 6.9 · EPSS 0.00608
Exploits: 0 · References: 6 · Affected Software: 1

UbuntuCve
added 2020/01/03 1:15 a.m. · 24 views

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 · AI score 6.8 · EPSS 0.00608
Exploits: 0 · References: 3

OSV
added 2020/01/03 1:15 a.m. · 0 views

UBUNTU-CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow...

CVSS 9.8 · AI score 7.1 · EPSS 0.01753
Exploits: 0 · References: 4

Cvelist
added 2020/01/03 12:52 a.m. · 18 views

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

AI score 9 · EPSS 0.00608
Exploits: 0 · References: 5

Debian CVE
added 2020/01/03 12:52 a.m. · 29 views

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

CVSS 8.8 · AI score 6.7 · EPSS 0.00608
Exploits: 0

Positive Technologies
added 2020/01/02 12:0 a.m. · 2 views

PT-2020-5161 · Pillow +1 · Pillow +1

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2. Description: The issue is related to a TIFF decoding integer overflow in the libImaging/TiffDecode.c file of the Pillow library. This overflow is connected to the realloc function. The exploitation of this issue...

CVSS 9.8 · AI score 6.3 · EPSS 0.03942
Exploits: 0 · References: 43

Positive Technologies
added 2020/01/02 12:0 a.m. · 5 views

PT-2020-5162 · Python Imaging Library +3 · Pillow +3

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2. Description: The issue is related to a buffer overflow in the SGI RLE decoding process. This can potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected...

CVSS 10 · AI score 7 · EPSS 0.9295
Exploits: 22 · References: 116

OSV
added 2019/12/26 7:15 p.m. · 1 views

CVE-2019-5275

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate ...

CVSS 7.5 · AI score 7.4
Exploits: 0 · References: 1

Cvelist
added 2019/12/12 8:30 a.m. · 20 views

CVE-2019-10511

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098,...

AI score 9.6 · EPSS 0.00312
Exploits: 0 · References: 1

CVE
added 2019/12/12 8:30 a.m. · 61 views

CVE-2019-10485

CVE-2019-10485 involves an infinite loop when decoding compressed data that can cause an overrun condition in various Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). The issue affects a broad set of Qualcomm/Snapdragon components and is driven by a decoding loop condition, as ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00245
Exploits: 0 · References: 1 · Affected Software: 1

RedHat Linux
added 2019/12/10 7:59 a.m. · 1 views

httpd: mod_session_cookie does not respect expiry time

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

CVSS 7.5 · AI score 7.1 · EPSS 0.10459
Exploits: 0 · References: 4

Tenable Nessus
added 2019/12/09 12:0 a.m. · 31 views

EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2528)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image...

CVSS 7.8 · AI score 6.8 · EPSS 0.00891
Exploits: 1 · References: 6

Kitploit
added 2019/12/07 8:53 p.m. · 596 views

Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection

A CLI application that automatically prepares Android APK files for HTTPS inspection. Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...

AI score 7.3
Exploits: 0 · References: 10

Pen Test Partners Blog
added 2019/12/06 8:9 a.m. · 65 views

Hacking Hardware Password Managers: Royal Vault Password Keeper

TL;DR: Taking three hardware password managers I used them to: learn the basics of hardware hacking; practice disassembling; perform chipset research; understand pinouts and protocols; read data off each device. The royal password vault boards looked to be reused from a previous hardware device with...

AI score 7
Exploits: 0

OSV
added 2019/12/02 6:15 p.m. · 1 views

GHSA-2MRJ-435V-C2CR Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pwfw-mgfj-7g3g. This link is maintained to preserve external references...

CVSS 7.5 · AI score 5.8 · EPSS 0.00076
Exploits: 0 · References: 8

OSV
added 2019/11/26 1:15 p.m. · 26 views

CVE-2019-14853

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.00076
Exploits: 0 · References: 4