2 matches found
DEBIAN-CVE-2026-5438
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...
PT-2021-7931 · Unknown +5 · Bzip2Decoder +5
Name of the Vulnerable Software and Affected Versions: Bzip2Decoder affected versions not specified Description: The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data, which affects the allocation size used during decompression. All users...