1231 matches found

CNNVD
added 2022/10/21 12:0 a.m. · 1 views

LibTIFF Buffer Error Vulnerability

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains a number of command-line tools for processing TIFF files. LibTIFF suffers from a buffer overflow vulnerability that originates in TIFFmemcpy in libtiff/tifunix.c:346, which has an out-of-bounds...

CVSS 6.5 · AI score 7.1 · EPSS 0.00028
Exploits 1 · References 10
Github Security Blog
added 2022/09/21 5:0 p.m. · 31 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00266
Exploits 1 · References 6 · Affected Software 1
NVD
added 2022/09/14 4:15 p.m. · 8 views

CVE-2022-3212

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...

CVSS 7.5 · EPSS 0.00403
Exploits 1 · References 2
ATTACKERKB
added 2022/09/11 12:15 p.m. · 1 views

CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,...

CVSS 9.8 · AI score 6.8 · EPSS 0.00102
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/09/11 12:0 a.m. · 3 views

Apache Calcite Code Issue Vulnerability

Apache Calcite is an open source framework from the Apache USA Foundation for building databases and data management systems. A code issue vulnerability exists in Apache Calcite versions prior to 1.32.0 that stems from the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM, and EXTRACTVALUE not...

CVSS 9.8 · AI score 7.6 · EPSS 0.00102
Exploits 0 · References 5
Microsoft CVE
added 2022/09/03 7:0 a.m. · 1 views

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 48d6ece8.

...

CVSS 5.5 · AI score 6.7 · EPSS 0.00018
Exploits 1
ATTACKERKB
added 2022/08/29 3:15 p.m. · 2 views

CVE-2022-2953

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8...

CVSS 5.5 · AI score 5.9 · EPSS 0.00018
Exploits 1 · References 6 · Affected Software 1
GithubExploit
added 2022/08/24 7:29 a.m. · 287 views

Exploit for SQL Injection in Djangoproject Django

CVE-2022-34265 PoC for CVE-2022-34265 --- Description...

CVSS 9.8 · AI score 8 · EPSS 0.92834
Exploits 3
Microsoft CVE
added 2022/08/20 7:0 a.m. · 2 views

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

...

CVSS 5.5 · AI score 7.1 · EPSS 0.00025
Exploits 0
OSV
added 2022/08/17 10:15 p.m. · 3 views

AZL-10593 CVE-2022-2869 affecting package libtiff for versions less than 4.5.0-1

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering...

CVSS 5.5 · AI score 6.9 · EPSS 0.00025
Exploits 0 · References 1
OSV
added 2022/08/16 9:15 p.m. · 1 views

DEBIAN-CVE-2022-2831

A flaw was found in Blender 3.3.0. An integer overflow in source/blender/blendthumb/src/blendthumbextract.cc may lead to program crash or memory corruption...

CVSS 7.5 · AI score 7.2 · EPSS 0.0078
Exploits 1 · References 1
OSV
added 2022/08/16 9:15 p.m. · 3 views

UBUNTU-CVE-2022-2831

A flaw was found in Blender 3.3.0. An integer overflow in source/blender/blendthumb/src/blendthumbextract.cc may lead to program crash or memory corruption...

CVSS 7.5 · AI score 7.1 · EPSS 0.0078
Exploits 1 · References 5
Prion
added 2022/08/16 9:15 p.m. · 10 views

Integer overflow

A flaw was found in Blender 3.3.0. An integer overflow in source/blender/blendthumb/src/blendthumbextract.cc may lead to program crash or memory corruption...

CVSS 5 · AI score 7.6 · EPSS 0.0078
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/08/16 9:15 p.m. · 2 views

UBUNTU-CVE-2022-35114

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c...

CVSS 5.5 · AI score 6 · EPSS 0.00049
Exploits 1 · References 3
CNNVD
added 2022/08/16 12:0 a.m. · 1 views

SWFTools Buffer Error Vulnerability

SWFTools is a set of utilities for working with Adobe Flash files (SWF files) from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools that stems from a segmentation violation in the extractFrame of the /readers/swf.c file...

CVSS 5.5 · AI score 5.7 · EPSS 0.00049
Exploits 1 · References 2
Positive Technologies
added 2022/08/16 12:0 a.m. · 2 views

PT-2022-22581 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: A segmentation violation was discovered in SWFTools via the extractFrame function at /readers/swf.c. Recommendations: At the moment, there is no information about a newer version that...

CVSS 5.5 · AI score 5.3 · EPSS 0.00049
Exploits 1 · References 5
CISA KEV Catalog
added 2022/08/09 12:0 a.m. · 45 views

RARLAB UnRAR Directory Traversal Vulnerability

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation...

CVSS 7.5 · AI score 5.7 · EPSS 0.92793
In wild · Exploits 12
RedHat Linux
added 2022/07/27 2:49 p.m. · 3 views

python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments

A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value...

CVSS 9.8 · AI score 7.1 · EPSS 0.92834
Exploits 3 · References 4
0day.today
added 2022/07/21 12:0 a.m. · 390 views

OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...

CVSS 9.8 · EPSS 0.49539
Exploits 4
Japan Vulnerability Notes
added 2022/07/12 12:0 a.m. · 47 views

JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection

Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability (CWE-89). Impact: An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...

CVSS 9.8 · AI score 9.7 · EPSS 0.92834
Exploits 3