CVE-2024-57850 jffs2: Prevent rtime decompress memory corruption

In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rtime decompression routine for the JFFS2 file system not adequately checking boundaries, which could le...

OESA-2025-1031 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

DEBIAN-CVE-2024-56827

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opjdecompress utility. This can lead to an application crash or other undefined behavior...

UBUNTU-CVE-2024-56827

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opjdecompress utility. This can lead to an application crash or other undefined behavior...

SUSE CVE-2024-56827

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opjdecompress utility. This can lead to an application crash or other undefined behavior...

PT-2025-34389

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free UAF vulnerability within the f2fs file system compression functionality, specifically in the f2fs free dic function. The issue occurs when th...

PT-2025-49261

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.0 through 2.5.16 Description urllib3 is a Python HTTP client library. Versions prior to 2.6.0 have an issue in the Streaming API where it improperly handles highly compressed data. The decompression logic can cause excessive...

PT-2025-49260

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.24 through 2.5.9 Description urllib3 is a user-friendly HTTP client library for Python. In versions starting from 1.24 and prior to 2.6.0, the decompression chain had an unbounded number of links. This allowed a malicious...

bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

A data integrity error was found in the bzip2 User-space package functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results or corrupted data as result of decompressing these files...

GHSA-X3F4-45XF-RJM7 `ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

Fedora: Security Advisory (FEDORA-2024-632b468c59)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

`ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

PT-2024-40946 · Ruzstd · Ruzstd

Name of the Vulnerable Software and Affected Versions: ruzstd affected versions not specified Description: The issue arises from miscalculations in the length of the allocated and init section of the internal RingBuffer in ruzstd. This leads to uninitialized or out-of-bounds reads in copy bytes...

7-Zip Zstandard Decompression Integer Underflow Vulnerability - Windows

7zip is prone to a zstandard decompression integer underflow vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Remote Code Execution (RCE)

7-Zip is vulnerable to remote code execution RCE. The vulnerability is due to improper validation of user-supplied data in the Zstandard decompression implementation, causing an integer underflow that allows attackers to execute arbitrary code in the context of the current process...

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

DEBIAN-CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

UBUNTU-CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...