Page 125 of 982 results (0.013 seconds)

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Se detectó un problema en OpenEXR versiones anteriores a v2.5.2. Los atributos chunkCount no válidos pueden causar un desbordamiento del búfer de la pila en la función getChunkOffsetTableSize() en el archivo IlmImf/ImfMisc.cpp • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md https://github.com/AcademySoftwareFoundation/openexr/pull/738 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://li • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. Se encontró un fallo en el Red Hat Ceph Storage RadosGW (Ceph Object Gateway). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS https://security.gentoo.org/glsa/202105-39 https://usn.ubuntu.com/4528-1 https://access.redhat.com/securi • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Pillow versiones anteriores a 7.1.0, presenta múltiples lecturas fuera de límites en la biblioteca libImaging/FliDecode.c A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4503 https://github.com/python-pillow/Pillow/pull/4538 https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. En la biblioteca libImaging/SgiRleDecode.c en Pillow versiones hasta 7.0.0, se presentan múltiples lecturas fuera de límites en el análisis de archivos de imagen SGI, un problema diferente de CVE-2020-5311 An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/python-pillow/Pillow/pull/4504 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://usn.ubuntu.com/4430-1 https:&#x • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. En la biblioteca libImaging/Jpeg2KDecode.c en Pillow versiones anteriores a 7.1.0, se presentan múltiples lecturas fuera de límites por medio de un archivo JP2 diseñado An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4505 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes https://pillow.readthedocs.io/en/stable/releasenotes/ • CWE-125: Out-of-bounds Read •