17 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker...
SUSE CVE-2015-2331
Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...
SUSE CVE-2017-14686
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because readzipdirimp in fitz/unzip.c does not check...
SUSE CVE-2019-17582
A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...
UBUNTU-CVE-2019-17582
A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...
CVE-2019-20802
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an...
CVE-2018-1002201
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
PHP ZIP extension _zip_cdir_new function integer overflow vulnerability
PHP is a popular programming language. An integer overflow vulnerability in the zipcdirnew function in zipdirent.c in libzip 0.11.2, used in the PHP ZIP extension, allows remote attackers to exploit via a special ZIP archive to crash an application or execute arbitrary code...
DEBIAN-CVE-2015-2331
Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...
UBUNTU-CVE-2015-2331
Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...
CVE-2013-0742
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...
Stack overflow
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...
CVE-2013-0742
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...
Corel PDF Fusion XPS File ZIP Directory Vulnerability
Added: 08/08/2013 CVE: CVE-2013-3248 BID: 61010 OSVDB: 94933 Background Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comment...
Corel PDF Fusion XPS File ZIP Directory Vulnerability
Added: 08/08/2013 CVE: CVE-2013-3248 BID: 61010 OSVDB: 94933 Background Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comment...
Corel PDF Fusion XPS File ZIP Directory Vulnerability
Added: 08/08/2013 CVE: CVE-2013-3248 BID: 61010 OSVDB: 94933 Background Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comment...
Corel PDF Fusion XPS File ZIP Directory Vulnerability
Added: 08/08/2013 CVE: CVE-2013-3248 BID: 61010 OSVDB: 94933 Background Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comment...