
1231 matches found

RedHat Linux
added 2023/05/09 10:2 a.m. · 2 views

libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c...

5.5 CVSS · 7.5 AI score · 0.00073 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/04/18 1:45 a.m. · 1 view

SUSE CVE-2023-30775

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c...

5.5 CVSS · 8.7 AI score · 0.00073 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/03/24 12:0 a.m. · 2 views

PT-2023-17844 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the sms ExtractCbLanguage function of sms CellBroadcast.c due to a missing bounds check. This could lead to remote information disclosure with no additional...

7.5 CVSS · 7.2 AI score · 0.0026 EPSS
Exploits 0 · References 3

GithubExploit
added 2023/03/18 4:20 p.m. · 872 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup a...

7.5 CVSS · 8.8 AI score · 0.83808 EPSS
Exploits 4

vulnersOsv
added 2023/02/27 2:35 p.m. · 2 views

@wmfs/addressbase-plus-blueprint (>=1.1.0 <=1.182.0), @wmfs/addressbase-premium-blueprint (>=1.0.0 <=1.185.0) +50 more potentially affected by CVE-2023-26132 via dottie (>=2.0.0 <=2.0.3)

dottie NPM version =2.0.0, =1.1.0, =1.0.0, =1.0.0, =1.11.0, =1.10.0, =1.0.0, =1.0.0, =1.0.0, =1.27.0, =1.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0 and more Source cves: CVE-2023-26132 Source advisory: SNYK:JS-DOTTIE-3332763...

7.5 CVSS · 7.1 AI score · 0.00125 EPSS
Exploits 2

Snyk
added 2023/02/21 8:16 a.m. · 1 view

Malicious Package

Overview wf-extract-text-in-image2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:21 a.m. · 1 view

SUSE CVE-2004-0007

Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code...

7.5 CVSS · 7.7 AI score · 0.26442 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:14 a.m. · 1 view

SUSE CVE-2006-3178

Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename...

5 CVSS · 7.1 AI score · 0.02096 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:54 a.m. · 3 views

SUSE CVE-2011-0420

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference...

5 CVSS · 6.8 AI score · 0.15149 EPSS
Exploits 5 · References 3

SUSE CVE
added 2023/02/15 5:54 a.m. · 2 views

SUSE CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended t...

5 CVSS · 6.9 AI score · 0.00538 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:35 a.m. · 1 view

SUSE CVE-2013-4473

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename...

7.5 CVSS · 8.2 AI score · 0.02273 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:14 a.m. · 1 view

SUSE CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call...

7.5 CVSS · 7.2 AI score · 0.00401 EPSS
Exploits 0 · References 8

SUSE CVE
added 2023/02/15 5:10 a.m. · 1 view

SUSE CVE-2015-8929

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file...

5.5 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 5:4 a.m. · 3 views

SUSE CVE-2016-4007

Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...

9.8 CVSS · 7.8 AI score · 0.01314 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 4:50 a.m. · 2 views

SUSE CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable...

7.8 CVSS · 7.4 AI score · 0.00205 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 4:49 a.m. · 3 views

SUSE CVE-2017-6010

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash...

5.5 CVSS · 7.4 AI score · 0.00203 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:49 a.m. · 2 views

SUSE CVE-2017-6011

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool...

5.5 CVSS · 7.4 AI score · 0.00203 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-20006

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...

5.5 CVSS · 7.5 AI score · 0.0036 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:27 a.m. · 1 view

SUSE CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9 CVSS · 6.1 AI score · 0.00866 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:21 a.m. · 1 view

SUSE CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT) because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

3.3 CVSS · 9.3 AI score · 0.0059 EPSS
Exploits 0 · References 10