Lucene search
K

333 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-61455

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS0.00249EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 4 days ago5 views

CVE-2026-61455

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. A crafted ZIP archive can expand to fill available disk space, causing denial of service by exhausting storage resources. This CVE (CVE-20...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-44160 Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS0.0063EPSS
Exploits0References4
CVE
CVE
added 6 days ago19 views

CVE-2026-55195

CVE-2026-55195 affects the py7zr Python library (pre-1.1.3) where Worker.decompress() did not track the total decompressed size. A crafted 7z archive (e.g., 15.6 KB) could expand to ~100 MB, causing disk and memory exhaustion during extraction. This is a denial-of-service risk. The issue is fixed...

8.7CVSS6AI score0.00321EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 6 days ago7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 6 days ago7 views

BIT-PILLOW-2026-54059 Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added last week9 views

SUSE CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added last week9 views

SUSE CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 7:17 p.m.7 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 7:17 p.m.8 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS0.00364EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 7:17 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/06 6:52 p.m.5 views

EUVD-2026-41902

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:52 p.m.5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/06 6:52 p.m.17 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/06 6:50 p.m.33 views

CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
Rows per page
Query Builder