9 matches found
EUVD-2025-142879
Malicious code in buta-fiona-infa npm...
Heap-based Buffer Overflow
fiona is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper handling of long filenames, comments, or extra fields within zlib components that contain integer overflow vulnerabilities, which can result in an application crash or potential code execution...
Denial Of Service (DoS)
fiona is vulnerable to Denial of Service (DoS). The vulnerability is due to the bundled libjpeg-turbo and gdal components, which contain Denial of Service vulnerabilities that could potentially result in an application crash...
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Summary: Vulnerability scan of fiona shows CVE-2023-45853. The vulnerability is in GDAL, a dependency of fiona. Details: Fiona depends on GDAL and GDAL has a port of minizip. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a...
GHSA-Q5FM-55C2-V6J9 Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Summary: Vulnerability scan of fiona shows CVE-2023-45853. The vulnerability is in GDAL, a dependency of fiona. Details: Fiona depends on GDAL and GDAL has a port of minizip. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a...
Fiona affected by CVE-2020-14152 related to madler-zlib
Summary: Vulnerability scan of fiona shows CVE-2020-14152. The vulnerability is in libjpeg, a transitive dependency of fiona via GDAL and PROJ. Details: In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive...
GHSA-G4M4-9Q4C-MFW6 Fiona affected by CVE-2020-14152 related to madler-zlib
Summary: Vulnerability scan of fiona shows CVE-2020-14152. The vulnerability is in libjpeg, a transitive dependency of fiona via GDAL and PROJ. Details: In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive...
OPENSUSE-SU-2024:14085-1 fiona-fio-1.9.6-1.1 on GA media
These are all security issues fixed in the fiona-fio-1.9.6-1.1 package on the GA media of openSUSE Tumbleweed...
fiona-schmidt.fr XSS vulnerability
Open Bug Bounty ID: OBB-531516

Description| Value
---|---
Affected Website:| fiona-schmidt.fr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...