
11 matches found

OSV
added 2026/03/10 6:28 p.m., 1 view

GO-2026-4577 malcontent: Nested archive extraction failure can drop content from scan inputs in github.com/chainguard-dev/malcontent

malcontent: Nested archive extraction failure can drop content from scan inputs in github.com/chainguard-dev/malcontent...

CVSS 6.9, AI score 5.8, EPSS 0.00036
Exploits 0, References 4
Snyk
added 2026/02/28 12:14 a.m., 2 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to the extractNestedArchive function. An attacker can cause incomplete scanning of potentially malicious content by supplying nested archives that fail to extract. Remediation...

CVSS 6.9, AI score 6, EPSS 0.00036
Exploits 0, References 2
EUVD
added 2025/12/04 9:31 p.m., 1 view

EUVD-2025-201253

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file, e.g. webshell.php. When the application extracts the uploaded archives, the executabl...

AI score 7.7, EPSS 0.00111
Exploits 1, References 3
CVE
added 2025/12/04 12:0 a.m., 12 views

CVE-2025-65806

CVE-2025-65806 affects the E-POINT CMS eagle.gsam-1169.1. The vulnerability stems from the file upload feature not properly handling nested archive files, allowing an attacker to upload a ZIP containing another ZIP whose inner archive holds an executable (for example webshell.php). During extract...

CVSS 4.3, AI score 7.8, EPSS 0.00111
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2025/05/23 3:16 a.m., 2 views

CVE-2023-22898

workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb)...

CVSS 6.5, AI score 6.8, EPSS 0.00195
Exploits 0, References 1
SUSE CVE
added 2023/02/15 4:41 a.m., 1 view

SUSE CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

CVSS 5.9, AI score 7.6, EPSS 0.00487
Exploits 0, References 7
SUSE CVE
added 2023/02/15 4:22 a.m., 1 view

SUSE CVE-2018-18520

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a...

CVSS 3.3, AI score 6.7, EPSS 0.00889
Exploits 1, References 62
Prion
added 2017/08/04 3:29 p.m., 19 views

Input validation

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

CVSS 6.8, AI score 8.7, EPSS 0.00487
Exploits 0, References 1, Affected Software 1
NVD
added 2017/08/04 3:29 p.m., 16 views

CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

CVSS 7.8, AI score 7.8, EPSS 0.00487
Exploits 0, References 1
OSV
added 2017/08/04 3:29 p.m., 0 views

UBUNTU-CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

CVSS 7.8, AI score 7.3, EPSS 0.00487
Exploits 0, References 4
OSV
added 2017/08/04 3:29 p.m., 2 views

DEBIAN-CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

CVSS 7.8, AI score 8.3, EPSS 0.00487
Exploits 0, References 1