Libmobi 缓冲区错误漏洞

Libmobi is a C library . It is used to process Mobipocket/Kindle MOBI e-book format documents. A security vulnerability in parserawml.c:1416 in the GitHub library Libmobi before 0.11, which stems from a buffer error, can be exploited by an attacker to read sensitive information or cause a crash...

The vulnerability of the phar_parse_tarfile function in the PHP programming language allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the PHP interpreter extension is related to errors in number processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure using a specially created tar archive...

The vulnerability of the phar_parse_tarfile function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the pharparsetarfile function ext/phar/tar.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

The vulnerability of the phar_parse_pharfile function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the pharparsepharfile function in the PHP programming language is caused by a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service interruptions...

The vulnerability of the phar_parse_metadata function (ext/phar/phar.c) in the PHP programming language allows a attacker to cause a service failure or potentially have other adverse effects.

The vulnerability of the pharparsemetadata function ext/phar/phar.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to cause service interruptions or potentially other adverse effects...

The vulnerability of the phar_parse_zipfile function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the pharparsezipfile function ext/phar/zip.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

PT-2022-13915 · FFmpeg +3 · Ffmpeg +3

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2 FFmpeg versions prior to 5.0.1 Description: An integer overflow issue was discovered in the g729 parse function located in libavcodec/g729 parser.c when handling a specially crafted file. This issue can be...

The vulnerability in the ext/date/lib/parse_date.c component of the PHP interpreter allows a attacker to compromise the confidentiality of information.

The vulnerability of the ext/date/lib/parsedate.c component of the PHP interpreter involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of sensitive information...

CVE-2021-40398

An out-of-bounds write vulnerability exists in the parserasterdata functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

PT-2022-11227 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: An out-of-bounds write issue exists in the parse raster data functionality. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger th...

The vulnerability of the urllib.parse module in the Python programming language allows a hacker to inject arbitrary data into the server’s response.

The vulnerability of the urllib.parse module in the Python programming language is related to the failure to handle CRLF sequences properly. Exploiting this vulnerability allows an attacker to send specially crafted data containing CR-LF characters to the application, thereby altering the behavio...

CVE-2022-27823

Improper size check in sapefdparsemetaHEADERold function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file...

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user...

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11 a memory leak exists for a certain hid_parse error condition.

...

The Bug Report - March 2022 Edition

The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...

CVE-2022-24793 Potential heap buffer overflow when parsing DNS packets in PJSIP

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...

Vulnerabilities of functions mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable in TLS and SSL protocol implementations. These vulnerabilities allow attackers to access confidential data.

The vulnerabilities of functions mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable in TLS and SSL protocols involve information disclosure due to inconsistencies. Exploiting these vulnerabilities allows a remote attacker to gain access t...

The vulnerability of the mbedtls_x509_crl_parse_der function in TLS and SSL implementations allows a attacker to cause a service failure.

The vulnerability of the mbedtlsx509crlparseder function in TLS and SSL protocols involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a remote attacker to cause service failures...