20 matches found
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadObject function in the Cnut File Handler process. An attacker can achieve arbitrary code execution, data corruption, or application crash by providing crafted input that triggers a heap-based buffe...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the recv_files function. An attacker can cause the client process to crash by sending a specially crafted file list from a malicious server, which manipulates compatibility flags and transfer records to trigger an...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wc_ecc_import_x963_ex function when handling EC public key points in the KCAPI ECC code path. An attacker can cause memory corruption and potentially execute arbitrary code by sending a crafted oversized EC...
Access of Uninitialized Pointer
Overview Affected versions of this package are vulnerable to Access of Uninitialized Pointer in ReadJBIGImage in jbig.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit Credit: zerojackyi...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the debugrnglists function. An attacker can cause the application to enter a non-terminating output loop by supplying a crafted binary with malformed DWARF, resulting in repeated warning messages and requiring manual...
Expired Pointer Dereference
Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the MSL interpreter. An attacker can cause the application to crash by submitting an image file containing a malicious MSL element. Remediation A fix was pushed into the master branch but not yet published...
Double Free
Overview Affected versions of this package are vulnerable to Double Free in the Regexp compilation process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted regular expression source string. Remediation A fix was pushed into the master branch bu...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the dump_dwarf_section function. An attacker can cause a denial of service by providing specially crafted input that triggers an out-of-bounds read during processing. Remediation A fix was pushed into the master...
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the WebP Image Decoding functionality. An attacker can execute arbitrary code by enticing a user to open a specially crafted .webp animation file, which triggers an integer overflow during stride...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the DDL component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details Denial of Service (DoS) describes a family of attacks, al...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the StreamImage function in the stream.c file. An attacker can cause resource exhaustion by submitting specially crafted image files. Remediation A fix was pushed into the master branch but not yet published...
Incorrect Calculation of Buffer Size
Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size due to an incorrect calculation of buffer size during the multispectral MIFF processing. An attacker can cause a denial of service by exploiting this buffer size miscalculation. Remediation A fix was...
Expected Behavior Violation
Overview Affected versions of this package are vulnerable to Expected Behavior Violation due to the behavior of the DisableForwarding directive in sshd(8), which fails to disable X11 forwarding and agent forwarding by default. An attacker can bypass intended security restrictions. Remediation A fix...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to a floating-point exception in the PSStack::roll function. An attacker can cause the application to crash by providing malformed inputs associated with INT_MIN. Remediation Upgrade poppler to version...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to the torch.lstm_cell function. An attacker can corrupt memory by manipulating the function's input. Note: This is only exploitable if the attacker has local access to the system. Remediation A fix was pushed int...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the component rleUncompress. Remediation Upgrade tinyexr to version 1.0.6 or higher. References - GitHub Commit - GitHub Issue - GitHub PR Credit: 0xdd96...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in djvulibre-3.5.28 and earlier. An out-of-bounds write in function DJVU::filter_bv via crafted djvu file may lead to application crash and other consequences. Remediation A fix was pushed into the...
Man-in-the-Middle (MitM)
Overview em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The hostname in a TLS server certificate is not verified. An attacker can assume the identity of a trusted server and...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read. usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Remediation A fix was pushed into the master branch but not yet published. References - Chromium Bugs - GitHub Commit...