61 matches found
CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
PT-2026-30657
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
SUSE CVE-2026-23403
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verifyheader The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checki...
EUVD-2026-17831
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verifyheader The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checki...
FreeBSD : wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (65439aa0-f77d-11f0-9821-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 65439aa0-f77d-11f0-9821-b0416f0c4c67 advisory. https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line...
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack
Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the unpack function. An attacker can modify permissions of arbitrary files by supplying a malicious archive that, when unpacked, executes chmod on sensitive files outside the intended extraction directory. Detail...
CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...
rplay 安全漏洞
rplay is a remote sound playback library from boyns open source. A security vulnerability exists in rplay 3.3.2 and earlier versions, which stems from a flawed memcpy operation in the RPLAYDATA case in the rplayunpack function, which could result in a denial of service or unspecified other impact...
CVE-2025-5981
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the unpack function, when using the CLI flag --remote-image on untrusted container images. An attacker can write arbitrary files to the host system. This allows the attacker to create or overwrite...
OSV-SCALIBR 安全漏洞
OSV-SCALIBR is an open source software portfolio analysis library from Google. A security vulnerability exists in OSV-SCALIBR, which stems from a path traversal problem in the unpack function that could lead to arbitrary file writes...
PT-2024-40316 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which casts a u8 array to arbitrary types. This can lead to undefined behaviors due to misaligned pointer dereferenc...
PT-2024-40969 · Solana · Solana Program Library
Name of the Vulnerable Software and Affected Versions: Solana Program Library affected versions not specified Description: The issue arises from the unpack function in the library, which can lead to undefined behavior when casting a u8 array to arbitrary types. This is due to the potential for...
CVE-2024-31195
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::MultipartReplyTable::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31191
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::MultipartReplyMeter::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31188
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::MultipartReplyTableFeatures::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31178
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::TableFeaturePropNextTables::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31176
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::TableFeaturePropOXM::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31179
Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::TableFeaturePropInstruction::unpack. This issue affects libfluid: 0.1.0...