Lucene search
K
PocoprojectPoco

4 matches found

CVE
CVE
added 2018/01/03 8:0 p.m.151 views

CVE-2017-1000472

POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...

6.5CVSS6.4AI score0.01681EPSS
CVE
CVE
added 2024/01/27 12:0 a.m.59 views

CVE-2023-52389

CVE-2023-52389 affects POCO’s UTF32Encoding implementation. The vulnerability arises from an integer overflow in Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert(), which may return a negative value for certain UTF-32 byte sequences (>= 0x80000000), leading to a stack buffer overfl...

9.8CVSS9.4AI score0.00851EPSS
CVE
CVE
added 2025/08/06 12:0 a.m.50 views

CVE-2025-45766

CVE-2025-45766 relates to the Poco library, specifically version 1.14.1-release , which is described as having a weakness in encryption. The description notes a dispute over whether key lengths should be determined by the application using the library rather than by the library itself. The connec...

7CVSS6.7AI score0.00132EPSS
CVE
CVE
added 2025/06/21 12:31 a.m.38 views

CVE-2025-6375

CVE-2025-6375 affects Poco up to 1.14.1. The vulnerable element is the function MultipartInputStream in Net/src/MultipartReader.cpp , where input manipulation can cause a null pointer dereference . Exploitation requires local access . A fix is available in Poco 1.14.2 (patch: 6f2f85913c191ab9ddfb...

5.5CVSS4AI score0.00212EPSS