20 matches found
Astra Linux - vulnerability in p7zip
7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...
EUVD-2021-28053
Malicious code in bioql PyPI...
CVE-2022-47111
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected...
CVE-2025-25942
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released...
AnythingLLM Resource Management Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a resource management error vulnerability that stems from a denial of service that can be caused by uploading a large number of invalid files...
SUSE CVE-2020-15389
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...
CVE-2022-31089 Invalid file request can crash parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
CVE-2021-40898
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files...
Denial of service
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files...
scaffold-helper security vulnerability
scaffold-helper is able to copy files and folders from a source directory to a destination directory using template styles in template files. scaffold-helper version v1.2.0 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service when copying invalid...
CVE-2022-30595
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files...
AZL-44193 CVE-2020-15389 affecting package openjpeg2 2.3.1-12
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...
Double free
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...
CVE-2018-3738
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files...
SUSE-SU-2017:0225-1 Security update for gstreamer-0_10-plugins-good
gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) -...
Buffer overflow in libstagefright during MP4 video playback — Mozilla
Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...
USN-2501-1: PHP vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...
Ubuntu AccountsService privilege escalation
Invalid files caching...
Equis MetaStock 11 - Use-After-Free
Luigi Auriemma Application: Equis MetaStock http://www.equis.com Versions: = 11 Platforms: Windows Bug: use after free Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1 Introduction...