3260 matches found
PT-2025-31420 · Git · C-Blosc2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644. Crash type: Heap-buffer-overflow READ 1. Crash state: ZSTD_decompressMultiFrame, ZSTD_decompressDCtx, zstd_wrap_decompress...
The vulnerability of the Mark-of-the-Web protection mechanism in the 7-Zip archive viewer allows a hacker to execute arbitrary code.
The vulnerability of the Mark-of-the-Web protection mechanism in the 7-Zip archive extractor is related to a breach of the data protection mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code during the decompression of the archive by the user, where the archive...
SUSE CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...
The vulnerability of the WinZip archive processor relates to the inclusion of a function for processing tags from an unreliable source within the software. This allows attackers to bypass Windows security mechanisms and execute arbitrary code.
The vulnerability of the WinZip archive processor is related to the inclusion of a function for processing “MotW” tags in the software. Exploiting this vulnerability allows an attacker to bypass Windows security mechanisms and execute arbitrary code during the decompression of an archive that...
[SECURITY] Fedora 42 Update: upx-5.0.0-1.fc42
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1350)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the LoadArchiveFiles function in archive.go. An attacker can disrupt service by supplying an archive whose decompressed size is very large. Remediation: Upgrade...
[SECURITY] Fedora 41 Update: upx-5.0.0-1.fc41
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 40 Update: upx-5.0.0-1.fc40
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 41 Update: suricata-7.0.10-1.fc41
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the workerdecoder function in streamdecodermt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...
CVE-2024-45700
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...
DEBIAN-CVE-2024-45700
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...
UBUNTU-CVE-2024-45700
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1313)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1330)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow
An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop and high CPU usage by submitting a malicious Declare v2/v3 transaction. This results in a...
PT-2025-13278 · Unknown · Nethermind +1
Name of the Vulnerable Software and Affected Versions: Nethermind Juno versions prior to 0.12.5. Description: The issue is caused by an integer overflow within the Sierra bytecode decompression logic in the "cairo-lang-starknet-classes" library. This allows remote attackers to trigger an infinite...
GHSA-G8VQ-V3MG-7MRG Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DoS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability,...
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DoS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability,...