3219 matches found
CVE-2020-6150
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...
CVE-2020-6148
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...
CVE-2020-6150
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...
CVE-2020-6147
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...
CVE-2020-6148
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...
CVE-2020-6150
Four heap overflow CVEs in Pixar OpenUSD 20.05 related to USDC file format decompression of SPECS, FIELDS, FIELDSETS, and PATHS sections. TALOS-2020-1094 details exact code paths (crateFile.cpp) where unvalidated section sizes and mismatched ReadContiguous/decompression buffers allow heap-based o...
CVE-2020-6150
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...
The vulnerability in the jp2/opj_decompress.c component of the OpenJPEG image encoding and decoding library allows a malicious actor to disclose protected information or cause service failures.
The vulnerability of the jp2/opjdecompress.c component in the OpenJPEG image encoding and decoding library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to disclose protected information or cause service failures...
Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
PT-2020-4621 · Cisco · Cisco Email Security Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Description: The issue is related to the zip decompression engine of Cisco AsyncOS Software, which is used in Cisco Email Security Appliance. It is caused by improper handling of...
[SECURITY] Fedora 31 Update: suricata-4.1.9-1.fc31
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 32 Update: suricata-5.0.4-1.fc32
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Updated brotli packages fix security vulnerability
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB CVE-2020-8927...
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...
OSV-2020-2004 Use-of-uninitialized-value in grk::t1_ht::T1HT::postDecode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26206 Crash type: Use-of-uninitialized-value Crash state: grk::t1ht::T1HT::postDecode grk::T1Decoder::decompressBlock grk::T1Decoder::decompress...
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...
CVE-2020-8927
A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB. Mitigation This flaw can be mitigated by using...