15 matches found
CVE-2025-15571 ckolivas lrzip stream.c ucompthread null pointer dereference
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed public...
DEBIAN-CVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...
CVE-2022-41185
Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...
VulnCheck KEV: CVE-2023-4634
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the /includes/mla-stream-image.php...
CVE-2023-4634
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the /includes/mla-stream-image.php file,...
PT-2023-4919
Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.09. Description: The issue is related to insufficient controls on file paths being supplied to the mla_stream_file parameter from the /includes/mla-stream-image.php...
SUSE CVE-2022-24106
In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc...
CVE-2022-41185
Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...
DEBIAN-CVE-2021-33453
An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread in stream.c:1538...
OSV-2022-84 Heap-buffer-overflow in Core::Stream::File::open_path
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43978 Crash type: Heap-buffer-overflow READ Crash state: Core::Stream::File::open_path Core::Stream::File::open Audio::FlacLoaderPlugin::FlacLoaderPlugin...
DEBIAN-CVE-2020-25467
A null pointer dereference was discovered in lzo_decompress_buf in stream.c in lrzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file...
CVE-2021-27347
Use after free in lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file...
Xpdf PE Vulnerability (CNVD-2019-22438)
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An FPE vulnerability exists in the ImageStream::ImageStream function in Stream.cc in Xpdf 4.01.01. No detailed vulnerability details are provided at this time...
DEBIAN-CVE-2018-10685
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
lrzip buffer overflow vulnerability
lrzip (Long Range ZIP) is an open source compression utility for large files. A buffer overflow vulnerability exists in the 'read_1g' function in the stream.c file of liblrzip.so in lrzip version 0.631. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer overflo...