string-math 安全漏洞

string-math is a module function for calculating results based on arithmetic formulas by the Polish individual developer devrafalko. A security vulnerability exists in string-math version 1.2.2, which stems from improper handling of regular expressions and could lead to a regular expression denia...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

PT-2025-27455 · Unknown · String-Math

Name of the Vulnerable Software and Affected Versions: string-math version 1.2.2 Description: The issue is a Regex Denial of Service ReDoS that can be exploited via a crafted input. Recommendations: For string-math version 1.2.2, consider validating and sanitizing all inputs to prevent crafted...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

[SECURITY] Fedora 41 Update: glibc-2.40-26.fc41

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

mpfr: buffer overflow in mpfr_strtofr

Buffer overflow in the mpfrstrtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpnsetstr...

Malicious code in math-utils-gava (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbfa97f4de0215f88db05e74ecb15d790ba8221495f33601d48f98303f3f93d4 Any computer that has this package installed or running should be considered...

com.farao-community.farao:csa-runner-api (>=1.3.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.3.1 <=2.6.1) +173 more potentially affected by CVE-2025-47771 via com.powsybl:powsybl-math (>=6.3.0 <=6.7.1)

com.powsybl:powsybl-math MAVEN version =6.3.0, =1.3.1, =1.3.1, =1.18.0, =1.18.0, =1.4.0, =1.6.0, =1.12.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.24.0, =1.6.2, =1.13.0 and more Source cves: CVE-2025-47771 Source advisory: OSV:GHSA-F5CX-H789-J959...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the read method of the SparseMatrix class. An attacker can execute arbitrary code or escalate privileges by providing a crafted serialized object to be deserialized. Note: This is only exploitable i...

AZL-70361 CVE-2022-50167 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...

XML External Entity (XXE) Injection

PHPOffice/math is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parsing using the LIBXMLDTDLOAD flag without filtering, allowing external entity resolution when loading XML data...

CVE-2025-48882

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

XML External Entity (XXE) Injection

Overview phpoffice/math is a Math - Manipulate Math Formula Affected versions of this package are vulnerable to XML External Entity XXE Injection via the libxml extension and the LIBXMLDTDLOAD flag. An attacker can extract sensitive data or cause a denial of service by sending specially crafted X...

CVE-2025-48882

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

CVE-2025-48882

PHPOffice Math prior to 0.3.0 is vulnerable to XML External Entity (XXE) injection when loading XML data with LIBXML_DTDLOAD (e.g., MathML parsing). The vulnerability allows an attacker to read local files or cause denial of service via crafted XML; the issue is fixed in 0.3.0. Remediation: upgra...

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

Math 代码问题漏洞

Math is an open source math plugin for PHPOffice. A code issue vulnerability exists in versions of Math prior to 0.3.0 that stems from unfiltered XML data being loaded, which could lead to an XXE attack...

GHSA-42HM-PQ2F-3R7M PHPOffice Math allows XXE when processing an XML file in the MathML format

Product: Math Version: 0.2.0 CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Description: An attacker can create a special XML file, duri...