4 matches found
CVE-2017-1000472
POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...
CVE-2023-52389
CVE-2023-52389 affects POCO’s UTF32Encoding implementation. The vulnerability arises from an integer overflow in Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert(), which may return a negative value for certain UTF-32 byte sequences (>= 0x80000000), leading to a stack buffer overfl...
CVE-2025-45766
CVE-2025-45766 relates to the Poco library, specifically version 1.14.1-release , which is described as having a weakness in encryption. The description notes a dispute over whether key lengths should be determined by the application using the library rather than by the library itself. The connec...
CVE-2025-6375
CVE-2025-6375 affects Poco up to 1.14.1. The vulnerable element is the function MultipartInputStream in Net/src/MultipartReader.cpp , where input manipulation can cause a null pointer dereference . Exploitation requires local access . A fix is available in Poco 1.14.2 (patch: 6f2f85913c191ab9ddfb...