3202 matches found

Prion
added 2018/07/19 2:29 a.m., 18 views

Buffer overflow

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

CVSS: 5, AI score: 7.3, EPSS: 0.03422
Exploits: 1, References: 7, Affected Software: 2
NVD
added 2018/07/19 2:29 a.m., 15 views

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

CVSS: 7.5, AI score: 7.4, EPSS: 0.03422
Exploits: 1, References: 7
Cvelist
added 2018/07/19 2:00 a.m., 19 views

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

AI score: 7.5, EPSS: 0.03422
Exploits: 1, References: 7
CVE
added 2018/07/19 2:00 a.m., 214 views

CVE-2018-14340

CVE-2018-14340 affects Wireshark dissectors that support zlib decompression across Wireshark versions 2.2.0–2.2.15, 2.4.0–2.4.7, and 2.6.0–2.6.1. Root cause: negative lengths in the zlib decompression path could cause a buffer over-read and crash. Mitigation identified in the connected documents ...

CVSS: 7.5, AI score: 7.4, EPSS: 0.03422
Exploits: 1, References: 7, Affected Software: 1
Debian CVE
added 2018/07/19 2:00 a.m., 20 views

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

CVSS: 7.5, AI score: 3.6, EPSS: 0.03422
Exploits: 1
CNVD
added 2018/07/19 12:00 a.m., 1 views

Wireshark Denial of Service Vulnerability (CNVD-2018-13659)

Wireshark (formerly known as Ethereal) is a network packet analyzer developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. A security vulnerability exists in the parser used to decompress zlib in Wireshark...

CVSS: 7.5, AI score: 7.5, EPSS: 0.03422
Exploits: 1, References: 1
Veeam
added 2018/07/13 4:49 p.m., 57 views

Backup Copy or Replication job using WAN accelerators fails with "Source WAN accelerator error: Failed to decompress LZ4 block"

Challenge: A Backup Copy or Replication job that uses WAN accelerator fails with any of the following errors: Error: Source WAN accelerator error: Failed to decompress LZ4 block: Bad crc; Error: Source WAN accelerator error: Failed to decompress LZ4 block: Incorrect decompression result or length...

AI score: 5.9
Exploits: 0
CNVD
added 2018/06/11 12:00 a.m., 1 views

Lizard Denial of Service Vulnerability

Lizard (formerly known as LZ5) is a lossless compression software package. A security vulnerability exists in the 'LizarddecompressLIZv1' function in the lib/lizarddecompressliz.h file in Lizard version 1.0 and LZ5 version 2.0, which stems from the program's failure to correctly detect buffer size. A remo...

CVSS: 7.8, AI score: 7.7, EPSS: 0.02013
Exploits: 0, References: 1
CNVD
added 2018/05/31 12:00 a.m., 2 views

Libmobi Remote Code Execution Vulnerability

Libmobi is a C library for processing Kindle MOBI format e-book documents. A security vulnerability exists in the 'mobidecompresslz77' function of the compression.c file in Libmobi version 0.3. A remote attacker can exploit this vulnerability to execute code heap-based buffer...

CVSS: 8.8, AI score: 7.6, EPSS: 0.02666
Exploits: 1, References: 1
Debian CVE
added 2018/05/26 8:00 p.m., 24 views

CVE-2018-11496

In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...

CVSS: 6.5, AI score: 8, EPSS: 0.01344
Exploits: 1
OSV
added 2018/05/10 2:29 a.m., 3 views

PYSEC-2018-126

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...

CVSS: 6.5, AI score: 7
Exploits: 0, References: 7
OSV
added 2018/05/02 10:29 p.m., 2 views

UBUNTU-CVE-2018-10685

In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02485
Exploits: 1, References: 5
CNVD
added 2018/04/04 12:00 a.m., 2 views

libxml Denial of Service Vulnerability

libxml2 is a C-based library developed by the GNOME project team for parsing XML documents; it supports multiple encoding formats, XPath parsing, and well-formedness and validity checking. A security vulnerability exists in the 'xzdecomp' function of the xzlib.c file in libxml2 version 2.9.8. A remote...

CVSS: 5.3, AI score: 8.5, EPSS: 0.0244
Exploits: 1, References: 1
OSV
added 2018/03/14 12:29 a.m., 0 views

UBUNTU-CVE-2018-8098

Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01423
Exploits: 0, References: 5
CNVD
added 2018/03/08 12:00 a.m., 1 views

dayucms v1.527 File Upload Vulnerability

DayuCMS is a free, open source, flexible and simple CMS system. dayucms v1.527 has a file upload vulnerability: an attacker uploads a zip file containing a Trojan horse, the system automatically decompresses it, and the attacker thereby obtains a webshell...

AI score: 7
Exploits: 0
Talos
added 2018/03/01 12:00 a.m., 40 views

Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability

Summary: A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. Tested Versions: Simple DirectMedia Layer...

CVSS: 7.1, AI score: 7.6, EPSS: 0.01583
Exploits: 0
Fedora
added 2018/02/23 4:01 p.m., 24 views

[SECURITY] Fedora 27 Update: suricata-4.0.4-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS: 5.3, AI score: 0.2, EPSS: 0.29534
Exploits: 4
Tenable Nessus
added 2018/02/21 12:00 a.m., 36 views

openSUSE Security Update : p7zip (openSUSE-2018-188)

This update for p7zip fixes the following security issues: CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc984650); CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc1077725); CVE-2018-5996: Fixed memory corruption in RAR decompression...

CVSS: 7.8, AI score: 7, EPSS: 0.05032
Exploits: 3, References: 7
Tenable Nessus
added 2018/02/20 12:00 a.m., 35 views

SUSE SLED12 / SLES12 Security Update : p7zip (SUSE-SU-2018:0464-1)

This update for p7zip fixes the following issues. Security issues fixed: CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc984650); CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc1077725); CVE-2018-5996: Fixed memory corruption in RAR...

CVSS: 7.8, AI score: 7, EPSS: 0.05032
Exploits: 3, References: 11
OSV
added 2018/02/16 12:45 p.m., 9 views

SUSE-SU-2018:0464-1 Security update for p7zip

This update for p7zip fixes the following issues. Security issues fixed: CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc984650); CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc1077725); CVE-2018-5996: Fixed memory corruption in RAR...

CVSS: 7.8, AI score: 7.2, EPSS: 0.05032
Exploits: 3, References: 8