24 matches found
CVE-2026-7040 Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...
PT-2026-35416
Name of the Vulnerable Software and Affected Versions Text::Minify::XS versions 0.3.0 through 0.7.7 Description A heap overflow occurs when processing certain malformed UTF-8 characters. The minify function and its alias minify utf8 mishandle these characters, which leads to heap corruption...
CVE-2025-56353
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...
CVE-2025-6966 Null-pointer dereference in python-apt TagSection.keys()
NULL pointer dereference in TagSection.keys in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash via a crafted deb822 file with a malformed non-UTF-8 key...
EUVD-2025-18140
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-40032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfau...
CVE-2025-40912
A denial-of-service vulnerability has been discovered in the CPAN CryptX module. This flaw can be triggered by an attacker who is able to supply specially malformed Unicode input. Such malicious input could lead to a program crash, impacting the availability of any applications or services that...
DEBIAN-CVE-2025-40912
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362...
UBUNTU-CVE-2025-40912
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362...
CVE-2025-40912 CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362...
CVE-2025-40912 CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362...
CVE-2025-40912
CryptX for Perl prior to 0.065 embeds libtomcrypt, and the included tomcrypt versions before 1.18.2 may be vulnerable to CVE-2019-17362. The underlying issue is in der_decode_utf8_string handling of certain invalid UTF-8 sequences, allowing denial of service (out-of-bounds read/crash) or informat...
Perl CryptX 安全漏洞
Perl CryptX is a versatile and powerful, high-performance cryptographic toolkit for Perl open source. A security vulnerability exists in Perl CryptX versions prior to 0.065, which stems from a dependency library that may be vulnerable to a malformed unicode attack...
Important: ecs-service-connect-agent
Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...
CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
PT-2024-28052 · Unknown · Nlohmann/Json +1
Name of the Vulnerable Software and Affected Versions: dd-trace-cpp versions prior to 0.2.2 Description: The issue occurs when the library fails to extract trace context due to malformed unicode. It attempts to log the list of audited headers and their values using the nlohmann JSON library...
Temporal Server 安全漏洞
Temporal Server is a microservices orchestration platform from Temporal. A security vulnerability exists in Temporal Server versions prior to 1.20.5, 1.21.6, and 1.22.7, which stems from a vulnerability that allows an attacker to interact with a workflow and craft invalid UTF-8 strings for...
SUSE CVE-2014-9488
The isutf8wellformed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read...
expat: buffer over-read and crash on XML with malformed UTF-8 sequences
The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...
UBUNTU-CVE-2009-3560
The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...