3202 matches found
AZL-44643 CVE-2021-3575 affecting package openjpeg2 2.3.1-12
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg...
unzip buffer overflow vulnerability (CNVD-2022-11523)
Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" files, developed by Greg Roelofs. unzip has a buffer overflow vulnerability in the conversion of UTF-8 strings to native strings, which results in a segmentation fault. An attacker could exploit this...
CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-0101 was discovered whereby decompression of an ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the...
F-Secure antivirus engine Security Vulnerability
F-Secure antivirus engine is a security engine from the Finnish company F-Secure. A security vulnerability exists in F-Secure antivirus engine: decompression of an ACE file causes the scanner service to stop. An attacker can remotely exploit the...
Mageia: Security Advisory (MGASA-2014-0280)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2021-45935
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int...
DEBIAN-CVE-2021-45935
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int...
RUSTSEC-2021-0131 Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...
Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...
Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. If one cannot update the C library, its...
Teamcenter Active Workspace Path Traversal Vulnerability
Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace has a path traversal vulnerability: the application contains an insecure decompression mode, which could lead to a path traversal attack via a compressed file. An attacker could use this vulnerability...
Siemens Teamcenter Active Workspace Path Traversal Vulnerability
Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace has a path traversal vulnerability: the application contains an insecure decompression mode, which could lead to a path traversal attack via a compressed file. An attacker could use this vulnerability...
Fedora: Security Advisory for suricata (FEDORA-2021-c7fd9e9126)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: suricata-6.0.4-1.fc34
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 35 Update: suricata-6.0.4-1.fc35
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
OESA-2021-1441 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An...
UBUNTU-CVE-2021-21898
A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
Denial Of Service (DoS)
busybox is vulnerable to denial of service. An out-of-bounds heap read in unlzma leads to information leak and application crash when crafted LZMA-compressed input is decompressed...
openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...
Mozilla Firefox Security Advisory (MFSA2016-30) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...