12 matches found
Astra Linux – Vulnerability in Gdal
In GDAL version 3.0.1 and later, there is a double-free in the poolDestroy function within OGRExpatRealloc in the ogr/ogrexpat.cpp file, which occurs when the 10MB threshold is exceeded...
CVE-2026-27633
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
CVE-2026-27633
CVE-2026-27633 affects TinyWeb on Windows (Delphi; pre-2.02). Unauthenticated remote attackers can trigger a DoS by sending an HTTP POST with an extremely large Content-Length; TinyWeb allocates memory for the request body streaming it without a cap, exhausting all available memory and crashing. ...
EUVD-2026-8765
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
PT-2025-38983
Name of the Vulnerable Software and Affected Versions: BunnyPad versions prior to 11.0.27000.0915. Description: BunnyPad, a note-taking software, is susceptible to a buffer overflow when opening files that are 20MB or larger. The issue was addressed with the release of version 11.0.27000.0915...
Linux Distros Unpatched Vulnerability : CVE-2019-17545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded. CVE-2019-17545 Note that Nessus...
CVE-2025-32025
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
SUSE CVE-2019-17545
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded...
DEBIAN-CVE-2019-17545
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded...
PYSEC-2019-241
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded...
GDAL Double Release Vulnerability
GDAL is an open source software library for manipulating various raster and vector geospatial data formats. A poolDestroy double-release vulnerability exists in OGRExpatRealloc in ogr/ogrexpat.cpp in GDAL 3.0.1 and earlier when the 10MB threshold is exceeded, and no detailed vulnerability details...