EUVD-2022-1934

Malicious code in bioql PyPI...

Path Traversal

langchain is vulnerable to path traversal. The vulnerability is due to improper input sanitization in the getFullPath method, which allows attackers to exploit the setFileContent, getParsedFile, and mdelete methods, enabling them to save files anywhere in the filesystem, overwrite existing text...

poppler: integer overflow in JBIG2 decoder using malformed files

An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could...

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

SUSE CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Exploiting this vulnerability is possible by processing a specially crafted PDF file or JBIG2 image. Remediation Upgrade poppler to...

PT-2020-17120 · Dhowden · Dhowden Tag

Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63 dhowden tag versions prior to 2020-11-19 Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAPICFrame, readAtomData, ...

UBUNTU-CVE-2019-13286

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure...

DEBIAN-CVE-2017-14173

In the function ReadTXTImage in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRangedepth+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a...

UBUNTU-CVE-2017-14173

In the function ReadTXTImage in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRangedepth+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a...

PHP Heap Overflow Vulnerability

PHP is a popular general-purpose scripting language that is particularly well suited for web development. A memory overflow vulnerability exists in the phpmysqlndrowpreadtextprotocolaux field in PHP version 7.0.10, which can be exploited by an attacker to cause a memory overflow...

CVE-2008-4593

Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416...