3256 matches found
PT-2022-3386 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.22.1
Description: The issue is related to the decode/encodeBody component of the Envoy proxy, which can lead to uncontrolled resource consumption. An attacker can exploit this by sending a specially crafted zip file,...
Buffer over-flow in Pillow
When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. Opening an image...
GHSA-HR8G-F6R6-MR22 Buffer over-flow in Pillow
When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. Opening an image...
Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...
PT-2022-6791 · Gstreamer +8 · Gstreamer +8
Name of the Vulnerable Software and Affected Versions: Gstreamer affected versions not specified
Description: The issue is related to an integer overflow in the matroskademux element in the lzo decompression function, which can cause a segfault or potentially a heap overwrite, depending on the li...
PT-2022-6790 · Gstreamer +8 · Gstreamer +8
Name of the Vulnerable Software and Affected Versions: Gstreamer affected versions not specified
Description: The issue is related to an integer overflow in the matroskademux element in the bzip decompression function, which can cause a segfault or potentially a heap overwrite, depending on the...
GHSA-59W8-4WM2-4XW8 Django Image Field Vulnerable to Image Decompression Bombs
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
A vulnerability in the UnRAR decompression tool stems from improper limitation of a path name to a restricted directory, allowing an attacker to overwrite arbitrary files.
The vulnerability in the UnRAR decompression tool is related to improper restriction of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files using a specially crafted archive...
[SECURITY] Fedora 36 Update: suricata-6.0.5-1.fc36
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Fedora: Security Advisory for suricata (FEDORA-2022-a2f0201723)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: suricata-6.0.5-1.fc35
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 34 Update: suricata-6.0.5-1.fc34
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
CVE-2022-28196
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and...
CVE-2021-26629
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’...
CVE-2021-26629 tobesoft XPLATFORM Path Traversal Vulnerability
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’...
GSD-2022-1001973 lz4: fix LZ4_decompress_safe_partial read out of bound
lz4: fix LZ4_decompress_safe_partial read out of bound. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...