14 matches found
EUVD-2026-34849
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...
PT-2026-46970
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...
BIT-PHP-MIN-2025-14177 Information Leak of Memory in getimagesize
In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a...
SUSE CVE-2025-14177
In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a...
CVE-2025-14177 Information Leak of Memory in getimagesize
In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a...
CVE-2025-14177
In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a...
SUSE CVE-2017-8846
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive...
SUSE CVE-2018-11496
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation...
Long Range Zip Memory Misreference Vulnerability
Long Range Zip (aka lrzip) is an open source compression utility for large files. A memory misreference vulnerability exists in the 'read_stream' function of the stream.c file in lrzip version 0.631, which stems from a failure to check the size value of decompress_file in the lrzip.c file. A remote...
DEBIAN-CVE-2018-11496
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation...
UBUNTU-CVE-2018-11496
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation...
PT-2018-10613 · Lrzip +1 · Long Range Zip +1
Name of the Vulnerable Software and Affected Versions: Long Range Zip (aka lrzip) version 0.631. Description: The issue is related to a use-after-free in the read stream function in stream.c, caused by the lack of certain size validation in the decompress file function in lrzip.c. Recommendations: F...
CVE-2017-8846
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive...
UBUNTU-CVE-2017-8846
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive...