3 matches found
hot-formula-parser package for Node.js command injection vulnerability
hot-formula-parser package for Node.js is an Excel math formula parser for Node.js. A command injection vulnerability exists in grammar-parser.jison in the hot-formula-parser package for Node.js versions prior to 3.0.1. An attacker can use this vulnerability to execute arbitrary commands on the...
USN-545-1: link-grammar vulnerability
Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash...
Link Grammar SEPARATE_WORD函数远程缓冲区溢出漏洞
Link Grammar Parser是一款链语法分析器。 Link Grammar Parser包含的"separateword"函数存在边界错误,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 当传递超长字符到tokenize.c中的"separateword"函数时存在边界错误。通过特殊构建的语句传递给"separatesentence"函数,可导致基于堆栈的缓冲区溢出。 Link Grammar Link Grammar 4.1b AbiSource Community Link Grammar 4.2.4 目前没有解决方案提供:...