KillWxapkg 资源管理错误漏洞

KillWxapkg is an automated decompiler of WeChat applets by Antkites individual developers. A resource management error vulnerability exists in KillWxapkg 2.4.1 and earlier versions, which stems from improper handling of wxapkg file decompression, which can lead to resource consumption...

Heap Based Buffer Overflow

openexr is vulnerable to a heap-based buffer overflow. The vulnerability is due to bad pointer math during decompression of DWAA-packed scan-line EXR files with a maliciously forged chunk, which allows an attacker to trigger memory corruption and potentially execute arbitrary code...

AZL-61829 CVE-2025-47436 affecting package orc 0.4.31-4

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

AZL-61836 CVE-2025-47436 affecting package orc 0.4.39-2

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

K000151312: cURL vulnerability CVE-2025-0725

Security Advisory Description When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. CVE-2025-0725...

Apache ORC 安全漏洞

Apache ORC is a high-performance columnar storage format from the Apache Foundation, designed for the Hadoop ecosystem to optimize big data query and analysis performance. A security vulnerability exists in Apache ORC 2.1.1 and earlier versions, which stems from a heap buffer overflow in the LZO...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1502)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option,using zlib...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1503)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option,using zlib...

[SECURITY] Fedora 41 Update: xz-5.8.1-2.fc41

XZ Utils are an attempt to make LZMA compression easy to use on free as in freedom operating systems. This is achieved by providing tools and libraries which are similar to use than the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...

[SECURITY] Fedora 40 Update: xz-5.8.1-2.fc40

XZ Utils are an attempt to make LZMA compression easy to use on free as in freedom operating systems. This is achieved by providing tools and libraries which are similar to use than the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1408)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1407)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...

USN-7476-1 python-scrapy vulnerabilities

It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...

OSV-2025-312 Heap-buffer-overflow in ZSTD_decompressMultiFrame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1 Crash state: ZSTDdecompressMultiFrame ZSTDdecompressDCtx zstdwrapdecompress...

PT-2025-31420 · Git · C-Blosc2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1 Crash state: ZSTD decompressMultiFrame ZSTD decompressDCtx zstd wrap decompress...

The vulnerability of the Mark-of-the-Web protection mechanism in the 7-Zip archive viewer allows a hacker to execute arbitrary code.

The vulnerability of the Mark-of-the-Web protection mechanism in the 7-Zip archive extractor is related to a breach of the data protection mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code during the decompression of the archive by the user, where the archive...

SUSE CVE-2010-0205

The pngdecompresschunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

The vulnerability of the WinZip archive processor relates to the inclusion of a function for processing tags from an unreliable source within the software. This allows attackers to bypass Windows security mechanisms and execute arbitrary code.

The vulnerability of the WinZip archive processor is related to the inclusion of a function for processing “MotW” tags in the software. Exploiting this vulnerability allows an attacker to bypass Windows security mechanisms and execute arbitrary code during the decompression of an archive that...