Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. There are no known workarounds for this vulnerability.

Snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users unable to upgrade should only accept compressed data from trusted sources.

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group).