EUVD-2026-11482

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

yauzl contains an off-by-one error

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

EUVD-2008-3433

Malware in sbrugna...

EUVD-2019-4926

Malware in sbrugna...

EUVD-2019-7912

Malware in sbrugna...

EUVD-2009-1346

Malware in sbrugna...

USN-7015-4: Python vulnerability

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special...

USN-7015-1: Python vulnerabilities

It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. CVE-2023-27043 It was discovered that Python allowed excessive backtracking while parsing...

Interpretation Conflict

Overview std/archive/zip is a Go standard library package std/archive/zip Affected versions of this package are vulnerable to Interpretation Conflict. Go Vulnerability Report: due to inconsistent handling of certain malformed zip files in the archive/zip process. An attacker can cause different...

SUSE CVE-2019-17582

A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...

CVE-2022-37439 Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malform...

[SECURITY] [DLA 3030-1] zipios++ security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3030-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 27, 2022 https://wiki.debian.org/LTS -...

golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...

golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...

golang: archive/zip: malformed archive may cause panic or memory exhaustion

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

golang: archive/zip: malformed archive may cause panic or memory exhaustion

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

golang: archive/zip: malformed archive may cause panic or memory exhaustion

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

golang: archive/zip: malformed archive may cause panic or memory exhaustion

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

USN-4811-1 libzip vulnerability

It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...

Double free

A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...