CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

EUVD-2019-9155

Malware in sbrugna...

CVE-2021-23180

A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in fileextension,in file.c may lead to execute arbitrary code and denial of service...

CVE-2021-23180

CVE-2021-23180 affects htmldoc up to version 1.9.12. Root cause is a null pointer dereference in file_extension() in file.c, potentially allowing arbitrary code execution and denial of service. Public docs identify this vulnerability but do not provide exploit details. Mitigation: upgrade to a fi...

CVE-2020-28951

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...

SUSE SLED12 / SLES12 Security Update : libcaca (SUSE-SU-2019:2745-1)

This update for libcaca fixes the following issues : Security issues fixed : CVE-2018-20544: Fixed a floating point exception at caca/dither.c bsc1120502 CVE-2018-20545: Fixed a WRITE memory access in the loadimage function at common-image.c for 4bpp bsc1120584 CVE-2018-20546: Fixed a READ memory...

Design/Logic Flaw

There is an illegal WRITE memory access at caca/file.c function cacafileread in libcaca 0.99.beta19...

Stack overflow

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

CVE-2018-20004

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

CVE-2018-20004

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

CVE-2018-9514

In sdcardfsopen of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID:...

CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags...

CVE-2016-9435

CVE-2016-9435 affects the w3m HTML renderer. The HTMLtagproc1 function in file.c does not properly initialize values in w3m before 0.5.3+git20161009, allowing remote attackers to crash the application via a crafted HTML file (notably involving tags). The vulnerability could cause a denial of ser...

mxml stack resource consumption vulnerability

mxml is an XML language for laying out user interfaces in Adobe Flex. A security vulnerability exists in the mxml-file.c file of mxml. An attacker can exploit this vulnerability with the help of a specially crafted xml file to cause stack resource consumption...

CVE-2015-8785

The fusefillwritepages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service infinite loop via a writev system call that triggers a zero length for the first segment of an iov...

CVE-2012-4522

The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...

Path traversal

The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...

CVE-2012-4522

CVE-2012-4522 affects Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163, where a NUL byte in a file path enables context‑dependent attackers to create files in unintended locations or with unexpected names. The issue arises from rb_get_path_check in file.c and is confirmed by multiple...