Month: August 2023

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. Continue reading CVE-2022-37052 (poppler)→

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Continue reading CVE-2022-37051 (poppler)→

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. Continue reading CVE-2022-29654 (netwide_assembler)→

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. Continue reading CVE-2022-26592 (libsass)→

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service. Continue reading CVE-2022-25024 (json2xml)→

A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. Continue reading CVE-2022-28071 (radare2)→

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. Continue reading CVE-2022-28070 (radare2)→

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. Continue reading CVE-2022-28073 (radare2)→

A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. Continue reading CVE-2022-28072 (radare2)→

A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. Continue reading CVE-2022-28068 (radare2)→