214 matches found
PT-2021-7871 · Openjpeg2 +11 · Openjpeg2 +11
Name of the Vulnerable Software and Affected Versions: openjpeg2 version 2.4.0 Description: A flaw was found in the opj2 decompress program in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it...
UBUNTU-CVE-2021-24025
Due to incorrect string size calculations inside the pregquote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 an...
Katy Voor HHVM 输入验证错误漏洞
Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from an incorrect string size calculation in the pregquote function, where a large input string passe...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow. An attacker could control the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. Remediation Upgrade brotli to version...
Integer overflow
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...
The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...
The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to trigger a service failure
The vulnerability of the console-based graphic editor ImageMagick is caused by a numerical overflow. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure termination of the application by sending large input data...
CoreCrypto Component Denial of Service Vulnerability in Multiple Apple Products
Apple tvOS is a smart TV operating system. apple iTunes for Windows is a Windows-based media player application. apple iCloud for Windows is a Windows-based cloud service. apple iCloud for Windows is a Windows-based media player application. apple iTunes for Windows is a Windows-based media playe...
ALPINE-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
DEBIAN-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
GHSA-9CP3-FH5X-XFCJ Regular Expression Denial of Service in charset
Affected versions of charset are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...
GHSA-G7Q5-PJJR-GQVP Regular Expression Denial of Service in tough-cookie
Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...
Regular Expression Denial of Service (ReDoS)
Overview io.konig:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th, 2018 -...
Regular Expression Denial of Service (ReDoS)
Overview com.sksamuel.diff:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th,...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...
openssl: EVP_EncryptUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...
openssl: EVP_EncryptUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...
openssl: EVP_EncryptUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...