10 matches found
GHSA-Q6X5-8V7M-XCRF protobufjs has overlong UTF-8 decoding
Summary: protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
protobufjs has overlong UTF-8 decoding
Summary: protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
Improper Handling of Unicode Encoding
Overview: Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious sequences that decode to canonical characters. This is only...
Linux Distros Unpatched Vulnerability : CVE-2025-46646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gp_utf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gp_utf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
A flaw was found in Ghostscript/base/gp_utf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...
UBUNTU-CVE-2025-46646
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...
ALPINE-CVE-2024-46954
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...
php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...