SUSE CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

GO-2026-4379 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values in github.com/gmrtd/gmrtd

gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values in github.com/gmrtd/gmrtd...

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ReadFile function. An attacker can cause excessive CPU and memory consumption by supplying maliciously crafted TLV length values from an NFC or APDU source, leading to resourc...

GHSA-J49H-6577-5XWQ gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service Summary A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service Summary A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

CVE-2017-20212

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...

WordPress plugin Admin Word Count Column路径遍历漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress plugin Admin An arbitrary file reading vulnerability exists in Word Count Column 2.2 and earlier versions, which...

CVE-2021-21906

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

Directory Traversal

Overview rollup-plugin-serve is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve"; serve...

CVE-2017-5595

CVE-2017-5595 affects ZoneMinder 1.x up to v1.30.0, enabling an authenticated attacker to read local files (e.g., /etc/passwd) via web/views/file.php due to unfiltered input passed to readfile(); the attack uses a .. in the path parameter zm/index.php?view=file&path=. Connected advisories confirm...

House Style 0.1.2 - readfile() Local File Disclosure Vulnerability

No description provided by source. Exploit Title: House Style 0.1.2 = readfile Local File Disclosure Vulnerability Date: 11/07/2012 Author: GoLdM Vendor or Software Link: http://sourceforge.net/projects/housestyle/ Version: 1.03 Category:: readfile Local File Disclosure Vulnerability2 Tested on: ...

CPE17 Autorun Killer 1.7.1 Buffer Overflow

CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' = 'BufferRegister'='ECX', , 'DefaultOptions' = 'DisablePayloadHandler' =...

Ultrize TimeSheet 1.2.2 readfile() Local File Disclosure Vulnerability

No description provided by source. Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability Code page /actions/downloadFile.php ==== ?php // This script performs the actual file download $fileName = $REQUEST'fileName'; --!! $jobid = $REQUEST'jobid'; --!! $fullFile =...

CVE-2005-0596

PHP 4 PHP4 allows attackers to cause a denial of service daemon crash by using the readfile function on a file whose size is a multiple of the page size...