Lucene search

19 matches found

OSV
added 2025/10/10 1:22 p.m., 3 views

JLSEC-2025-12 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of ser...

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call...

CVSS 7.5 | AI score 6.8 | EPSS 0.03463
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-20321

Malware in sbrugna...

CVSS 8.1 | AI score 7.4 | EPSS 0.01127
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-20320

Malware in sbrugna...

CVSS 9.1 | AI score 8.3 | EPSS 0.01331
Exploits: 0 | References: 9

BDU FSTEC
added 2025/04/28 12:0 a.m., 5 views

The vulnerability of the libtar package, related to reading data beyond the memory boundaries, allows an attacker to gain access to confidential information.

The vulnerability of the libtar package is related to the initiation of the malloc(0) call for the variable gnu_longname. Exploiting this vulnerability may allow an attacker to gain access to confidential information...

CVSS 9.4 | AI score 6.9 | EPSS 0.01127
Exploits: 0 | References: 11 | Affected Software: 7

BDU FSTEC
added 2025/04/28 12:0 a.m., 4 views

The vulnerability of the libtar package, related to reading data beyond the memory boundaries, allows an attacker to gain access to confidential information.

The vulnerability of the libtar package is related to the initiation of the malloc(0) call for the gnu_longlink variable. Exploiting this vulnerability may allow an attacker to gain access to confidential information...

CVSS 9.4 | AI score 7.4 | EPSS 0.01331
Exploits: 0 | References: 12 | Affected Software: 7

RedHat Linux
added 2023/05/16 8:23 a.m., 3 views

libtar: out-of-bounds read in gnu_longname

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 | AI score 5.7 | EPSS 0.01127
Exploits: 0 | References: 5

RedHat Linux
added 2023/05/16 8:23 a.m., 4 views

libtar: out-of-bounds read in gnu_longlink

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 9.1 | AI score 5.7 | EPSS 0.01331
Exploits: 0 | References: 5

Microsoft CVE
added 2022/08/16 7:0 a.m., 3 views

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

...

CVSS 8.1 | AI score 7.3 | EPSS 0.01127
Exploits: 0

Microsoft CVE
added 2022/08/16 7:0 a.m., 3 views

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

...

CVSS 9.1 | AI score 8.4 | EPSS 0.01331
Exploits: 0

OSV
added 2022/08/10 8:15 p.m., 6 views

CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 | AI score 9
Exploits: 0 | References: 7

OSV
added 2022/08/10 8:15 p.m., 1 view

DEBIAN-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 | AI score 7 | EPSS 0.01127
Exploits: 0 | References: 1

OSV
added 2022/08/10 8:15 p.m., 3 views

AZL-34946 CVE-2021-33643 affecting package libtar for versions less than 1.2.20-11

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 9.1 | AI score 7.2 | EPSS 0.01331
Exploits: 0 | References: 1

OSV
added 2022/08/10 8:15 p.m., 2 views

AZL-10542 CVE-2021-33643 affecting package libtar for versions less than 1.2.20-10

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 9.1 | AI score 7.1 | EPSS 0.01331
Exploits: 0 | References: 1

OSV
added 2022/08/10 8:15 p.m., 1 view

UBUNTU-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 | AI score 7.2 | EPSS 0.01127
Exploits: 0 | References: 4

OSV
added 2022/08/10 8:15 p.m., 2 views

UBUNTU-CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 9.1 | AI score 7.1 | EPSS 0.01331
Exploits: 0 | References: 4

CNNVD
added 2022/08/10 12:0 a.m., 3 views

openEuler buffer error vulnerability

openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in versions 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS of openEuler, which stems from the fact that an attacker who submits a specially crafted tar...

CVSS 8.1 | AI score 7 | EPSS 0.01127
Exploits: 0 | References: 8

Positive Technologies
added 2022/08/09 12:0 a.m., 4 views

PT-2022-10277 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname,...

CVSS 9.4 | AI score 7.5 | EPSS 0.03277
Exploits: 0 | References: 57

Positive Technologies
added 2022/08/05 12:0 a.m., 2 views

PT-2022-10276

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to trigger an out-of-bounds read by submitting a crafted tar file with a size of 0 in the header struct. This can cause the...

CVSS 9.4 | AI score 6.7 | EPSS 0.01431
Exploits: 0 | References: 58

CNVD
added 2017/07/19 12:0 a.m., 5 views

cairo cairo-truetype-subset.c file denial of service vulnerability

cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports 2D drawing in multiple contexts and provides high-quality display and printouts. A security vulnerability exists in the cairo-truetype-subset.c file in cai...

CVSS 7.5 | AI score 5.7 | EPSS 0.03463
Exploits: 1 | References: 1