[SECURITY] Fedora 28 Update: libmspack-0.9.1-0.1.alpha.fc28

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

[SECURITY] Fedora 29 Update: libmspack-0.9.1-0.1.alpha.fc29

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

DEBIAN-CVE-2018-16402

libelf/elfend.c in elfutils 0.173 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact because it tries to decompress twice...

CVE-2018-16402

libelf/elfend.c in elfutils 0.173 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact because it tries to decompress twice...

[SECURITY] Fedora 27 Update: libmspack-0.7-0.1.alpha.fc27

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

GHSA-8225-6CVR-8PQP superagent vulnerable to zip bomb attacks

Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed. This ma...

[SECURITY] Fedora 28 Update: libmspack-0.7-0.1.alpha.fc28

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression...

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression...

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression...

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression...

CVE-2017-3188

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

Path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

DEBIAN-CVE-2018-14369

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuffzlib.c by rejecting negative lengths to avoid a buffer over-read...

CVE-2018-14340

CVE-2018-14340 affects Wireshark dissectors that support zlib decompression across Wireshark versions 2.2.0–2.2.15, 2.4.0–2.4.7, and 2.6.0–2.6.1. Root cause: negative lengths in the zlib decompression path could cause a buffer over-read and crash. Mitigation identified in the connected documents ...

CVE-2018-11496

In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...

UBUNTU-CVE-2018-8098

Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...