CVE-2025-47814
CVE-2025-47814 describes a heap-based buffer overflow in PSPP’s zip reader. The vulnerable component is the PSPP core library, specifically the file zip-reader.c, within the function inflate_read (called indirectly from spv_read_xml_member). This issue affects the library artifact libpspp-core.a ...
CVE-2025-47814
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c...
[SECURITY] [DLA 3950-1] libarchive security update
Debian LTS Advisory DLA-3950-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 11, 2024 https://wiki.debian.org/LTS -...
MGASA-2022-0142 Updated libarchive packages fix security vulnerability
7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children. RARv4 reader: fix multiple issues in RARv4 filter code introduced in libarchive 3.6.0: - fix heap use after free in archive_read_format_rar_read_data;...
DEBIAN-CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
openSUSE 15 Security Update : go1.17 (openSUSE-SU-2021:3833-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3833-1 advisory. - ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End...
Code injection
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...
Google Golang input validation error vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
OESA-2021-1302 apache-commons-compress security update
The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. Security Fixes: When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...
MGASA-2021-0369 Updated golang packages fix security vulnerabilities
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method (CVE-2021-27918). net/http in Go before 1.15.12 and 1.16.x before 1.16....
UBUNTU-CVE-2016-9296
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause ...
UBUNTU-CVE-2015-8927
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password...