LibTIFF tiffcrop.c:3516 Buffer Overflow Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command-line tools for working with TIFF files. LibTIFF suffers from a buffer overflow vulnerability that originates from a boundary error in tiffcrop at tools/tiffcrop.c:3516 when processi...
OESA-2023-1078 libXpm security update
X.Org X11 libXpm runtime library Security Fixes: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user t...
AZL-13248 CVE-2022-4883 affecting package libXpm for versions less than 3.5.17-1
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Design/Logic Flaw
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...
CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...
CVE-2021-33642
When a file is processed, an infinite loop occurs in next_inline of the more_curly function...
CVE-2021-33641
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free)...
Memory corruption
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free)...
CVE-2021-33642
When a file is processed, an infinite loop occurs in next_inline of the more_curly function...
PT-2023-12221 · Openeuler · Byacc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: When a file is processed, an infinite loop occurs in the next inline function of the more curly function. Recommendations: At the moment, there is no...
CVE-2021-33642
CVE-2021-33642 (byacc) is confirmed to cause an infinite loop in next_inline() inside the more_curly() function when processing files. Connected sources enumerate affected packages across multiple Linux distributions (e.g., Red Hat, Amazon Linux, EulerOS, OpenVAS entries), with CVE-2021-33641 als...
CVE-2021-33641
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free)...
CVE-2021-33642
When a file is processed, an infinite loop occurs in next_inline of the more_curly function...
PT-2023-10249 · Unknown · Copperwall Twiddit
Name of the Vulnerable Software and Affected Versions: copperwall Twiddit (affected versions not specified). Description: A critical issue affects the processing of the file index.php, leading to SQL injection. The estimated number of potentially affected devices worldwide is not available. There is...
DEBIAN-CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2009-10002 dpup fittr-flickr EXIF Preview easy-exif.js cross site scripting
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated...
PT-2023-10198 · Foxoverflow · Mysimplifiedsql
Name of the Vulnerable Software and Affected Versions: foxoverflow MySimplifiedSQL (affected versions not specified). Description: A problematic issue has been found in foxoverflow MySimplifiedSQL, affecting the processing of the file MySimplifiedSQL Examples.php. The manipulation of the...
CVE-2022-4602
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...