
11 matches found

OSV
added 2026/04/09 3:16 p.m., 2 views

DEBIAN-CVE-2026-5439

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

CVSS 7.5, AI score 5.4, EPSS 0.0006
Exploits 0, References 1
OSV
added 2026/04/09 3:16 p.m., 1 views

UBUNTU-CVE-2026-5439

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

CVSS 7.5, AI score 5.8, EPSS 0.0006
Exploits 0, References 5
Cvelist
added 2026/04/09 2:44 p.m., 15 views

CVE-2026-5439 Memory Exhaustion via Forged ZIP Metadata

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

EPSS 0.0006
Exploits 0, References 3
Tenable Nessus
added 2026/04/09 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-5439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadat...

CVSS 7.5, AI score 5.8, EPSS 0.0006
Exploits 0, References 3
EUVD
added 2026/04/07 6:31 p.m., 0 views

EUVD-2024-55537

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

AI score 6.1, EPSS 0.00141
Exploits 0, References 5
AlpineLinux
added 2025/03/04 11:58 p.m., 1 views

CVE-2025-23410

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...

CVSS 9.8, AI score 6.6, EPSS 0.0039
Exploits 0, References 1
CNNVD
added 2021/07/07 12:0 a.m., 2 views

Fork CMS Code Issue Vulnerability

Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. Fork CMS has an arbitrary file upload vulnerability that can be exploited to create or replace arbitrary files in the themes directory with...

CVSS 8.8, AI score 5.8, EPSS 0.00423
Exploits 0, References 3
OSV
added 2021/06/21 8:15 p.m., 3 views

CVE-2021-24376

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...

CVSS 9.8, AI score 7.2
Exploits 0, References 1
Prion
added 2021/06/21 8:15 p.m., 23 views

Design/Logic Flaw

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...

CVSS 7.5, AI score 7.8, EPSS 0.23388
Exploits 7, References 1, Affected Software 1
NCSC
added 2021/01/21 12:0 a.m., 3 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file to the Drupal server...

CVSS 7.5, AI score 7.5, EPSS 0.71148
Exploits 1
NCSC
added 2020/11/26 12:0 a.m., 2 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file to the Drupal server...

CVSS 7.8, AI score 7.5, EPSS 0.93364
Exploits 5