
15 matches found

Cvelist
added 2026/02/10 2:32 p.m., 30 views

CVE-2025-15571 ckolivas lrzip stream.c ucompthread null pointer dereference

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed public...

CVSS: 4.8, EPSS: 0.00158
Exploits: 1, References: 6

OSV
added 2026/02/10 2:16 p.m., 5 views

DEBIAN-CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

CVSS: 7.8, AI score: 5.1, EPSS: 0.00202
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:37 a.m., 14 views

CVE-2022-41185

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream .vds, MataiPersistence.dll file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00362
Exploits: 0, References: 1

VulnCheck KEV
added 2023/12/04 12:0 a.m., 6 views

VulnCheck KEV: CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php...

CVSS: 9.8, AI score: 7.4, EPSS: 0.82585
Exploits: 6, References: 1

OSV
added 2023/09/06 9:15 a.m., 3 views

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

CVSS: 9.8, AI score: 6.5, EPSS: 0.82585
Exploits: 6, References: 5

Positive Technologies
added 2023/08/30 12:0 a.m., 9 views

PT-2023-4919

Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions up to, and including, 3.09 Description The issue is related to insufficient controls on file paths being supplied to the mla stream file parameter from the /includes/mla-stream-image.php...

CVSS: 9.8, AI score: 9.3, EPSS: 0.82585
Exploits: 6, References: 50

SUSE CVE
added 2023/02/15 3:27 a.m., 3 views

SUSE CVE-2022-24106

In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00292
Exploits: 0, References: 3

ATTACKERKB
added 2022/10/11 9:15 p.m., 2 views

CVE-2022-41185

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream .vds, MataiPersistence.dll file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVSS: 7.8, AI score: 6, EPSS: 0.00362
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/07/26 1:15 p.m., 3 views

DEBIAN-CVE-2021-33453

An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread in stream.c:1538...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00341
Exploits: 1, References: 1

OSV
added 2022/01/24 12:0 a.m., 8 views

OSV-2022-84 Heap-buffer-overflow in Core::Stream::File::open_path

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43978
Crash type: Heap-buffer-overflow READ
Crash state: Core::Stream::File::open_path Core::Stream::File::open Audio::FlacLoaderPlugin::FlacLoaderPlugin...

AI score: 7.2
Exploits: 0, References: 1

OSV
added 2021/06/10 4:15 p.m., 1 views

DEBIAN-CVE-2020-25467

A null pointer dereference was discovered in lzodecompressbuf in stream.c in lrzip 0.621 which allows an attacker to cause a denial of service (DoS) via a crafted compressed file...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00929
Exploits: 1, References: 1

AlpineLinux
added 2021/06/10 3:37 p.m., 47 views

CVE-2021-27347

Use after free in lzmadecompressbuf function in stream.c in lrzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file...

CVSS: 5.5, AI score: 6, EPSS: 0.00716
Exploits: 1

CNVD
added 2019/03/25 12:0 a.m., 3 views

Xpdf PE Vulnerability (CNVD-2019-22438)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An FPE vulnerability exists in the ImageStream::ImageStream function in Stream.cc in Xpdf 4.01.01. No detailed vulnerability details are provided at this time...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00873
Exploits: 1, References: 1

OSV
added 2018/05/02 10:29 p.m., 2 views

DEBIAN-CVE-2018-10685

In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

CVSS: 9.8, AI score: 9.5, EPSS: 0.02485
Exploits: 1, References: 1

CNVD
added 2017/05/10 12:0 a.m., 2 views

lrzip buffer overflow vulnerability

lrzip Long Range ZIP is an open source compression utility for large files. A buffer overflow vulnerability exists in the 'read1g' function in the stream.c file of liblrzip.so in lrzip version 0.631. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer overflo...

CVSS: 7.8, AI score: 7.2, EPSS: 0.01597
Exploits: 0, References: 1