120 matches found
Infinite loop
Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Infinite loop in the % case % tag parsing logic, caused by an incorrect definition of the EOF token's kind and value in the TokenStream.eof attribute. A user who can...
MediaInfoLib 安全漏洞
MediaInfoLib is a tool developed by MediaArea for displaying technical information and tag data related to audio and video files. MediaInfoLib has a security vulnerability, which stems from a heap buffer overflow issue during ID3v2 parsing...
MediaArea MediaInfoLib ID3v2 parsing heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the ID3v2 parsing functionality of MediaInfoLib versions: 26.01. A specially crafted media file that contains ID3v2 tags can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2026-31792
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...
CVE-2026-28419 Vim has Heap-based Buffer Underflow in Emacs tags parsing
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...
Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)
The Spring Framework vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the Brocade SANnav 3.0.0...
MiracleLinux 4 : libexif-0.6.21-5.AXS4 (AXSA:2012-974:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-974:01 advisory. Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you t...
Fedora 43 : dr_libs (2025-894ea1b6a5)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-894ea1b6a5 advisory. drflac v0.13.2 - 2025-12-02 - Improve robustness of the parsing of picture metadata to improve support for memory constrained embedded devices. - Fix a warni...
CVE-2025-58477
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
TencentOS Server 4: podman (TSSA-2025:0377)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0377 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2012-2821
Malware in sbrugna...
EUVD-2012-2794
Malware in sbrugna...
EUVD-2012-2793
Malware in sbrugna...
EUVD-2018-15448
Malware in sbrugna...
EUVD-2004-2769
Malware in sbrugna...
EUVD-2012-2820
Malware in sbrugna...
EUVD-2012-2792
Malware in sbrugna...
EUVD-2017-11957
Malware in sbrugna...
EUVD-2022-7707
Malicious code in bioql PyPI...
CLSA-2025-1759410214 Fix CVE(s): CVE-2025-58364
SECURITY UPDATE: IPP extension tag parsing vulnerability - debian/patches/CVE-2025-58364.patch: fix handling of extension tag in ippreadio - CVE-2025-58364...