26 matches found
Astra Linux - уязвимость в libsoup2.4
A flaw was discovered in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read data beyond its intended range...
CVE-2026-41415
A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit this vulnerability by sending a specially crafted Session Initiation Protocol SIP multipart message containing a malformed Content-ID URI. Insufficient length validation during parsing of this URI can...
CVE-2026-41415
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...
PT-2026-35058
Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An out-of-bounds read occurs when parsing a malformed Content-ID URI in a SIP multipart message body. This is caused by insufficient length validation, which allows reads to extend beyond the intended...
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
thunderbird: Information Disclosure of /tmp directory listing
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edit...
CVE-2025-2830
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
CVE-2025-2830
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
CVE-2025-2830
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
CVE-2025-2830 Information Disclosure of /tmp directory listing
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
libsoup 缓冲区错误漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A buffer error vulnerability exists in libsoup, which stems from an out-of-bounds read in the function soupmultipartnewfrommessage, which could cause the server to read out of bounds...
SUSE CVE-2005-3183
The HTBoundaryputblock function in HTBound.c for W3C libwww w3c-libwww allows remote servers to cause a denial of service segmentation fault via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read...
SUSE CVE-2006-6406
Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
SUSE CVE-2007-0898
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. dot dot in the id MIME header parameter in a multi-part message...
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Description Multiple Stored XSS at 'snipeitram3' and 'snipeitcpu4' in the multipart message of POST request when creating a new Asset or editing an existed Asset. Proof of Concept POST /hardware HTTP/1.1 Host: develop.snipeitapp.com Connection: close Content-Length: 2560 Cache-Control: max-age=0...
UBUNTU-CVE-2018-15586
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email...
openSUSE Security Update : roundcubemail (openSUSE-2016-1205)
This update for roundcubemail to 1.1.6 fixes several issues boo1001856. These security issues were fixed : - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security These non-security issues were fixed : - Searching in both contacts and groups when...