CVE-2024-57072
CVE-2024-57072 affects the module-from-string package (version 3.3.1) via a prototype pollution flaw in the lib.requireFromString function that can cause a Denial of Service (DoS) when a crafted payload is supplied. Exploitation status is not detailed in the provided documents. Remediation guidan...
CVE-2024-57072
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
PT-2025-5771 · Unknown · Module-From-String
Name of the Vulnerable Software and Affected Versions: module-from-string version 3.3.1 Description: A prototype pollution in the lib.requireFromString function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For module-from-string version 3.3.1...
SUSE CVE-2019-8341
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and...
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...
PT-2022-25863 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A heap overflow issue was discovered in the AP4_Atom::TypeFromString function within the mp4tag component. Recommendations: For Bento4 version 1.6.0-639, consider avoiding the use of the AP4...
The vulnerability in the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions of the PDF Quick PDF Library allows a perpetrator to trigger a service failure.
The vulnerability of the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions in the PDF handling library of the Quick PDF Library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to trigger a...
OSV-2018-138 Heap-buffer-overflow in parse_odp_key_mask_attr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11160 Crash type: Heap-buffer-overflow READ 1 Crash state: parse_odp_key_mask_attr odp_flow_from_string parse_keys...
The vulnerability of the `from_string` function in the Jinja2 templater, which allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the from_string function in the Jinja2 templater for the Python programming language is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...
PT-2019-1631 · Pallets +3 · Jinja2 +3
Name of the Vulnerable Software and Affected Versions: Jinja2 version 2.10 Description: An issue was discovered in the from_string function of Jinja2, which is prone to Server Side Template Injection (SSTI). The function takes the source parameter as a template object, renders it, and then returns...
CVE-2018-20247
In Foxit Quick PDF Library all versions prior to 16.12, issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow...
UBUNTU-CVE-2018-5711
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...