The vulnerability of the parse_table() function in the ps-pdf.cxx component of the HTMLDOC document conversion tool allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the parsetable function in the ps-pdf.cxx component of the HTMLDOC conversion tool is related to writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

PT-2024-41023 · Oracle · Java Xml

Name of the Vulnerable Software and Affected Versions: Java XML affected versions not specified Description: The issue is related to a security exception in the Java XML library. A crash occurs in the DOM2TO.parse function, which is part of the com.sun.org.apache.xalan.internal.xsltc.trax package...

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

AZL-49421 CVE-2024-46742 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of leasectxinfo in smb2open null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate return NULL. Fix this by check if 'leasectxinfo' is NULL. Additionally,...

DEBIAN-CVE-2024-46743

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...

CLSA-2024-1726608591 expat: Fix of 3 CVEs

CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c - CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23 (SUSE-SU-2024:3214-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3214-1 advisory. - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 ...

The vulnerability of the Parse function in the Go programming language, which allows a hacker to trigger a service failure

The vulnerability of the Parse function in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...

The vulnerability of the Parse function in the Go programming language, which allows a hacker to trigger a service failure

The vulnerability of the Parse function in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...

The vulnerability of the `cv::XMLParser::parse` function in the `modules/core/src/persistence.cpp` file of the OpenCV library, a open-source computer vision and image processing software, relates to pointer dereferencing errors. This vulnerability allows attackers to trigger a service denial.

The vulnerability of the cv::XMLParser::parse function in the modules/core/src/persistence.cpp file of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, is related to pointer dereferencing errors. Exploiting this vulnerability could allow a...

CLSA-2024-1726163202 expat: Fix of 3 CVEs

The release version was raised because it corresponds to version 13 - CVE-2024-45490: reject negative len for XMLParseBuffer to prevent improper restriction of XML External Entity Reference - CVE-2024-45491: prevent integer overflow in dtdCopy - CVE-2024-45492: prevent integer overflow in...

SUSE-SU-2024:3214-1 Security update for go1.23

This update for go1.23 fixes the following issues: - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. bsc1230253 - CVE-2024-34158: Fixed stack exhaustion in Parse. bsc1230254...

SUSE-SU-2024:3213-1 Security update for go1.22

This update for go1.22 fixes the following issues: - Update go v1.22.7 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. bsc1230253 - CVE-2024-34158: Fixed stack exhaustion in Parse. bsc1230254...

In x/text in Go before v0.3.5 a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation

...

In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:3196-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3196-1 advisory. - Update to go v1.22.7 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 - CVE-2024-34156: Fixed stack...

The vulnerability of the `torch.jit.annotations.parse_type_line()` function in the PyTorch machine learning framework allows a hacker to execute arbitrary code.

The vulnerability of the torch.jit.annotations.parsetypeline function in the PyTorch machine learning framework is related to incorrect code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

SUSE SLES12 Security Update : go1.23 (SUSE-SU-2024:3197-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3197-1 advisory. - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 - CVE-2024-34156: Fixed stack...