Lucene search
K

178 matches found

OSV
OSV
added 2022/03/11 11:39 p.m.23 views

GHSA-4FX9-VC88-Q2XC Infinite loop in Pillow

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder. If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file...

7AI score
Exploits0References3
OSV
OSV
added 2021/09/21 10:10 p.m.5 views

CLSA-2021-1632262221 Fix of CVE: CVE-2020-8517, CVE-2021-28651, CVE-2020-15049, CVE-2020-8449, CVE-2020-8450, CVE-2020-24606, CVE-2020-25097, CVE-2020-11945, CVE-2020-14058

CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack - CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client -...

9.9CVSS7.1AI score0.7179EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/06/28 12:0 a.m.28 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1980)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the...

7.5CVSS8AI score0.02543EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/05 12:0 a.m.12 views

PT-2024-11166 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to data corruption caused by the fallocate function in the Linux kernel. When fallocate punches holes out of inode size and the original isize is in the middle of...

7.8CVSS7AI score0.08555EPSS
Exploits6References1089
NVD
NVD
added 2021/03/11 12:15 a.m.26 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

7.5CVSS0.02543EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/10 11:54 p.m.35 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

7.8AI score0.02543EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/03/10 11:54 p.m.64 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

7.5CVSS7.7AI score0.02543EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/03/05 12:0 a.m.49 views

go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open

The Go project reports: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. The Reader.Open API, new in Go 1.16, will panic wh...

6.7AI score
Exploits0References2
Veracode
Veracode
added 2020/12/06 3:43 a.m.26 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service. The vulnerability existed in ReadXBMImage due to lack of an EOF End of File...

6.5CVSS2.9AI score0.02122EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/08/24 6:15 p.m.9 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS5.4AI score0.05162EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.34 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute...

8.8CVSS7.2AI score0.05074EPSS
Exploits4References7
Amazon
Amazon
added 2019/11/04 12:0 a.m.60 views

Medium: libjpeg-turbo

Issue Overview: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file.CVE-2016-3616 A divide by zero vulnerability has been discovered in libjpeg-turbo in allocsarray function o...

8.8CVSS8.1AI score0.05074EPSS
Exploits4
Veracode
Veracode
added 2019/08/08 12:7 a.m.33 views

Denial Of Service (Dos)

libjpeg-turbo is vulnerable to denial of service. Mishandling of EOF in the function readpixel in rdtarga.c results in an infinite loop that leads to a denial of service condition...

7.5CVSS2.2AI score0.03162EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2019/07/29 4:15 p.m.21 views

CVE-2019-14267

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled...

7.8CVSS7.2AI score0.07078EPSS
Exploits5References6
UbuntuCve
UbuntuCve
added 2019/07/29 4:15 p.m.22 views

CVE-2019-14267

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled...

7.8CVSS7.3AI score0.07078EPSS
Exploits5References5
Prion
Prion
added 2019/07/29 4:15 p.m.22 views

Buffer overflow

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled...

6.8CVSS7.6AI score0.07078EPSS
Exploits5References6Affected Software2
0day.today
0day.today
added 2019/07/27 12:0 a.m.59 views

pdfresurrect 0.15 - Buffer Overflow Exploit

Exploit Title: pdfresurrect 0.15 Buffer Overflow Exploit Author: j0lama Vendor Homepage: https://github.com/enferex/pdfresurrect Software Link: https://github.com/enferex/pdfresurrect Version: 0.15 Tested on: Ubuntu 18.04 CVE : CVE-2019-14267 Description =========== PDFResurrect 0.15 has a buffer...

7.8CVSS7.6AI score0.07078EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/07/26 12:0 a.m.118 views

pdfresurrect 0.15 Buffer Overflow

Exploit Title: pdfresurrect 0.15 Buffer Overflow Date: 2019-07-26 Exploit Author: j0lama Vendor Homepage: https://github.com/enferex/pdfresurrect Software Link: https://github.com/enferex/pdfresurrect Version: 0.15 Tested on: Ubuntu 18.04 CVE : CVE-2019-14267 Description =========== PDFResurrect...

1.1AI score0.07078EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.22 views

EulerOS Virtualization 2.5.3 : libjpeg-turbo (EulerOS-SA-2019-1159)

According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libjpeg 9c has a large loop because readpixel in rdtarga.c mishandles EOF.i1/4^CVE-2018-11813i1/4%0 Note that Tenable Network...

7.5CVSS6.3AI score0.03162EPSS
Exploits0References2
Prion
Prion
added 2018/08/16 3:29 p.m.18 views

Design/Logic Flaw

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite...

4.3CVSS5.8AI score0.05253EPSS
Exploits0References17Affected Software2
Rows per page
Query Builder