PT-2024-20295 · Libming · Libming

Name of the Vulnerable Software and Affected Versions: libming version 0.4.8 Description: A memory leak issue was discovered in the parseSWF FILLSTYLEARRAY function, allowing attackers to cause a denial of service via a crafted SWF file. Recommendations: For libming version 0.4.8, consider updati...

The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.

The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XLSX file...

UBUNTU-CVE-2023-52469

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kvparsepowertable When ps allocated by kzalloc equals to NULL, kvparsepowertable frees adev-pm.dpm.ps that allocated before. However, after the control flow goes through the following call...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse vulnerability in kvparsepowertable...

UBUNTU-CVE-2023-52434

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parsemetaelementcreate function. An attacker can execute arbitrary code or cause a denial of service condition by causing the vulnerable application to process a malicious DICOM image. Remediation A fix was pushed...

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the parsemetasequenceend function. An attacker can execute arbitrary code or cause a denial of service by causing the vulnerable application to process a malicious DICOM image. Remediation A fix was pushed into the master...

Regular Expression Denial Of Service (ReDoS)

urlite is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due a regex with inefficient complexity within lib/pattern.js which is utilized by the parse function. An attacker can submit a crafter payload to the parse function which leads to Regular Expression Denial o...

Imaging Data Commons libdicom Resource Management Error Vulnerability

Imaging Data Commons libdicom is the Imaging Data Commons C library for reading DICOM files. A resource management error vulnerability exists in Imaging Data Commons libdicom version 1.0.5, which stems from a post-release reuse vulnerability in the parsing of DICOM elements...

PT-2024-20563 · Libdicom · Libdicom

Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5 Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...

PT-2024-40577 · Boost · Boost

Name of the Vulnerable Software and Affected Versions: boost affected versions not specified Description: The issue is related to a stack-overflow crash. Technical details about the crash include the involvement of specific function names such as parse subgraph, parse endpoint rest, and parse stm...

The vulnerabilities of the functions PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() in the OpenSSL library allow a attacker to cause a service failure.

The vulnerabilities of the functions PKCS12parse, PKCS12unpackp7data, PKCS12unpackp7encdata, PKCS12unpackauthsafes, and PKCS12newpass in the OpenSSL library are related to pointer arithmetic errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

PT-2024-10422

Name of the Vulnerable Software and Affected Versions FFmpeg version 6.1.1 Description The issue is related to an integer overflow vulnerability in the parse options function of sbgdec.c within the libavformat module. This vulnerability allows for negative duration values to be accepted without...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

CVE-2023-43536 Buffer Over-read in WLAN Firmware

Transient DOS while parse fils IE with length equal to 1...

avahi: Reachable assertion in avahi_rdata_parse

A vulnerability was found in Avahi. A reachable assertion exists in the avahirdataparse function...

AZL-33937 CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

PT-2024-13312 · Gnome · Gnome Gtk

Name of the Vulnerable Software and Affected Versions: Gnome GTK affected versions not specified Description: The issue is related to a null pointer dereference in Gnome GTK, specifically via the parse settings function at xsettings-client.c. Recommendations: At the moment, there is no informatio...