Buffer overflow in Brotli decompression — Mozilla

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered...

PT-2018-12658

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha Description An issue was discovered in the CHM decompression functionality of libmspack, specifically in the mspack/chmd.c file. The problem lies in an off-by-one error within the TOLOWER macro...

Design/Logic Flaw

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

UBUNTU-CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-2278

CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...

Backup Copy Job Failures when using ExaGrid de-duplicating storage

Challenge Backup Copy Jobs can fail when writing to ExaGrid storage. Cause De-duplicating storage can incorrectly update existing backup files during Veeam "merge" operation. Solution Make sure your ExaGrid Storage firmware version is 4.7.0 P52 or newer. For additional information please contact...

Lhaplus vulnerable to directory traversal

Overview Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

JVN#02527990: Lhaplus vulnerable to directory traversal

Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...

Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)

Updated cabextract packages fix security vulnerabilities : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

[SECURITY] Fedora 22 Update: libmspack-0.5-0.1.alpha.fc22

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

[SECURITY] Fedora 21 Update: libmspack-0.5-0.1.alpha.fc21

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

[SECURITY] Fedora 20 Update: libmspack-0.5-0.1.alpha.fc20

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

DEBIAN-CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

UBUNTU-CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

Mandriva Linux Security Advisory : cabextract (MDVSA-2015:041)

Updated cabextract packages fix security vulnerability : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

Updated cabextract packages fix CVE-2014-9556

Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

PYSEC-2015-16

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...