12 matches found
CVE-2025-58146 XAPI UTF-8 string handling
There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...
GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Summary ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...
openSUSE 16 Security Update : opencc (openSUSE-SU-2026:20683-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20683-1 advisory. Update to version 1.2.0. Security issues fixed: - CVE-2025-15536: specifically crafted string can lead to out-of-bounds read bsc1256930. Other updates a...
CVE-2026-35373
The CVE-2026-35373 issue affects the ln utility in uutils/coreutils. A logic error causes ln to reject source paths containing non-UTF‑8 filename bytes when using target-directory forms (for example, ln SOURCE... DIRECTORY). Unlike GNU ln, which treats filenames as raw bytes, the uutils implement...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support transactional updates...
CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
PT-2026-22974
Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 1.5.2 ClamAV versions prior to 1.4.4 Description A flaw exists in the HTML Cascading Style Sheets CSS module of ClamAV that could allow a remote, unauthenticated attacker to cause a denial of service DoS condition. Thi...
Artifex Ghostscript 安全漏洞
Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript versions prior to 10.05.0, which stems from the improper handling of long...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
UBUNTU-CVE-2017-17784
In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...
DEBIAN-CVE-2006-4573
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" utf8handlecomb function in encoding.c in screen before 4.0.3 allows user-assisted attackers to cause a denial of service crash or hang via certain UTF8 sequences...