5 matches found
EUVD-2026-30739
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
EUVD-2025-204541
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...
PoDoFo 资源管理错误漏洞
PoDoFo is a free portable C++ library open-sourced by PoDoFo. A resource management error vulnerability exists in PoDoFo version 0.10.0, which stems from the function PoDoFo::PdfEncrypt::IsMetadataEncrypted containing heap reuse after release. A remote attacker can exploit this vulnerability to...
GNU LibreDWG 缓冲区错误漏洞
LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via the bitcalcCRC ... /... /src/bits.c:2213 to exploit the vulnerability and cause a heap buffer overflow...
UBUNTU-CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...