33 matches found
CVE-2026-12588
The CVE-2026-12588 entry describes a DoS condition in HX devices where an attacker with access to HX 10.0.0 and earlier can send specially crafted data to the HX console. The malicious detection triggers decompression of a large file, consuming excessive system resources and causing denial of ser...
EUVD-2022-51750
Malicious code in bioql PyPI...
CVE-2025-5031
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
Denial Of Service (DoS)
github.com/ackites/killwxapkg is vulnerable to resource consumption. The vulnerability is due to improper handling of wxapkg file decompression also by unknown processing issues, which allows an attacker to remotely trigger a resource consumption attack with high complexity...
CVE-2023-42526
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...
CVE-2022-4402
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
GHSA-PQQP-7CP8-VXVF Ackites KillWxapkg Zip Bomb Resource Exhaustion
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
Ackites KillWxapkg Zip Bomb Resource Exhaustion
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
CVE-2025-5031
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
GHSA-2WQ5-G96F-MV3V Ouch! allows a segmentation fault due to use of uninitialized memory
When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...
Ouch! allows a segmentation fault due to use of uninitialized memory
When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...
RUSTSEC-2024-0374 Segmentation fault due to use of uninitialized memory
When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...
CVE-2020-22916
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...
Denial Of Service (DoS)
libclamav.so is vulnerable to Denial of Service DoS attacks. The vulnerability is caused by an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding, resulting in denial of service conditions...
CVE-2022-4402
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2022-4402
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2022-4402 RainyGao DocSys ZIP File Decompression path traversal
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
WithSecure Endpoint Protection 安全漏洞
WithSecure Endpoint Protection is a cloud-native, AI-powered endpoint protection from Finland's WithSecure. It can be deployed instantly from a browser and easily managed from a single console. A security vulnerability exists in WithSecure Endpoint Protection, which stems from the fact that...
CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-0101 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the...