PT-2023-12950 · Matthias Wandel +1 · Jhead +1

Name of the Vulnerable Software and Affected Versions: Matthias-Wandel/jhead version 3.06 Description: The issue arises from jhead copying strings to a stack buffer when it detects a &i or &o, without checking the boundary of the stack buffer. This results in a stack buffer overflow problem when...

CVE-2022-28550

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape, jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when...

plugin: improper Implementation of shellescape() (arbitrary code execution)

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" exclamation point shell metacharacter in 1 the filename of a ZIP archive and possibly 2 the filename of the first file in a ZIP archive, which is not properly...