
2875 matches found

CVE
added 2024/01/15 9:32 a.m., 246 views

CVE-2023-6915

CVE-2023-6915 is a NULL pointer dereference in ida_free() within lib/idr.c of the Linux kernel leading to potential denial of service. Connected advisories show affected kernels across distributions: Astra Linux lists linux-5.10, 5.15, 6.1; CloudLinux notes ida_free in kernel (CVE-2023-6915) for ...

CVSS 6.2, AI score 6, EPSS 0.00258
Exploits 0, References 7, Affected Software 1

CNNVD
added 2024/01/15 12:0 a.m., 0 views

Linux Kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from ida_free in lib/idr.c. A null pointer dereference issue was discovered, and a lack of checking on function...

CVSS 6.2, AI score 6.4, EPSS 0.00258
Exploits 0, References 5

Cvelist
added 2024/01/11 12:0 a.m., 19 views

CVE-2023-37644

SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in pngreadchunk in lib/png.c...

AI score 5.6, EPSS 0.0027
Exploits 1, References 1

Tenable Nessus
added 2024/01/10 12:0 a.m., 28 views

Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-6577-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6577-1 advisory. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from divisio...

CVSS 6.4, AI score 7.4, EPSS 0.12405
Exploits 0, References 3

OSV
added 2024/01/05 2:40 p.m., 13 views

MAL-2024-35 Malicious code in axis-common-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d46e6aa49acd26b8f52fc1e1d11ffa3fb20d5efa8e9648fb414a0c25aaa81480 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

Prion
added 2023/12/25 5:15 a.m., 14 views

Buffer overflow

In MicroHttpServer aka Micro HTTP Server through a8ab029, ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI...

CVSS 7.5, AI score 7.7, EPSS 0.00701
Exploits 1, References 2

vulnersOsv
added 2023/12/18 12:0 p.m., 1 view

at51 (>=0.1.1 <=0.4.1), atrac3p-decoder (>=0.1.0 <=0.1.2) +51 more potentially affected by CVE-2023-53156 via transpose (=0.1.0)

transpose CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on transpose and may be impacted: - at51 =0.1.1, =0.1.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =2.6.2, =0.6.0, =0.1.0, =0.1.0, =0.1.1 and more Source...

CVSS 5.3, AI score 5.8, EPSS 0.00279
Exploits 0

Github Security Blog
added 2023/12/13 11:9 p.m., 23 views

Denial of service caused by infinite recursion when parsing SVG images

Summary When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, a recursive chained using two or more SVG documents is not correctly validated. Depending on t...

CVSS 7.5, AI score 7.2, EPSS 0.01463
Exploits 1, References 6, Affected Software 1

Github Security Blog
added 2023/12/13 1:32 p.m., 23 views

Denial of service caused by infinite recursion when parsing SVG document

Summary When parsing the attributes passed to a use tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. Details...

CVSS 7.5, AI score 6.9, EPSS 0.00878
Exploits 1, References 4, Affected Software 1

OSV
added 2023/12/13 1:32 p.m., 19 views

GHSA-FF5X-7QG5-VWF2 Denial of service caused by infinite recursion when parsing SVG document

Summary When parsing the attributes passed to a use tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. Details...

CVSS 5.3, AI score 7.4, EPSS 0.00878
Exploits 1, References 4

Veracode
added 2023/12/13 6:48 a.m., 39 views

Insecure Deserialization/Unsafe Attributes Merge

phenx/php-svg-lib is vulnerable to Insecure Deserialization. The vulnerability is caused due to unsafe attributes such as href, xlink:href and id while merging attributes from the tag to the tag when handling a tag that references an tag. This can lead to an unsafe file read that can cause PHAR...

CVSS 9.8, AI score 6.7, EPSS 0.23903
Exploits 1, References 2, Affected Software 1

Veracode
added 2023/12/13 5:34 a.m., 11 views

Denial Of Service (DoS)

phenx/php-svg-lib is vulnerable to Denial Of Service DoS. The vulnerability is caused due to a missing validation for circular references reached while parsing the attributes passed to a use tag inside an SVG document. An attacker can craft a malicious SVG file and send multiple request to a syst...

CVSS 7.5, AI score 6.8, EPSS 0.00878
Exploits 1, References 2, Affected Software 1

OSV
added 2023/12/12 9:15 p.m., 1 view

DEBIAN-CVE-2023-50251

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

CVSS 7.5, AI score 7.3, EPSS 0.00878
Exploits 1, References 1

NVD
added 2023/12/12 9:15 p.m., 13 views

CVE-2023-50251

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

CVSS 7.5, EPSS 0.00878
Exploits 1, References 2

NVD
added 2023/12/12 9:15 p.m., 17 views

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVSS 9.8, EPSS 0.23903
Exploits 1, References 2

Prion
added 2023/12/12 9:15 p.m., 16 views

Deserialization of untrusted data

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVSS 7.5, AI score 7, EPSS 0.23903
Exploits 1, References 2, Affected Software 1

Prion
added 2023/12/12 9:15 p.m., 24 views

Design/Logic Flaw

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

CVSS 5, AI score 7, EPSS 0.00878
Exploits 1, References 2, Affected Software 1

Cvelist
added 2023/12/12 8:39 p.m., 18 views

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVSS 8.3, AI score 9.6, EPSS 0.23903
Exploits 1, References 2

CVE
added 2023/12/12 8:39 p.m., 43 views

CVE-2023-50252

The CVE-2023-50252 issue affects the PHP SVG library php-svg-lib prior to version 0.5.1. When processing a tag that references an tag, the library merges attributes from into . If the href in is not sanitized, this can lead to an unsafe file read and a PHAR deserialization vulnerability in PH...

CVSS 9.8, AI score 9, EPSS 0.23903
Exploits 1, References 2, Affected Software 1

OSV
added 2023/12/12 8:39 p.m., 18 views

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

CVSS 8.3, AI score 9.2, EPSS 0.23903
Exploits 1, References 4