Live-Hack-CVE/CVE-2020-21531 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:57 +0000 UTC Push: 2023-02-01 09:25:59 +0000 UTC |

Live-Hack-CVE/CVE-2020-21529 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:53 +0000 UTC Push: 2023-02-01 09:25:55 +0000 UTC |

Live-Hack-CVE/CVE-2021-32280 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:50 +0000 UTC Push: 2023-02-01 09:25:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-47873 Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). CVE project by @Sn0wAlice Create: 2023-02-01 09:25:46 +0000 UTC Push: 2023-02-01 09:25:49 +0000 UTC |

Live-Hack-CVE/CVE-2019-13221 A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:43 +0000 UTC Push: 2023-02-01 09:25:45 +0000 UTC |

Live-Hack-CVE/CVE-2019-13223 A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:39 +0000 UTC Push: 2023-02-01 09:25:41 +0000 UTC |

Live-Hack-CVE/CVE-2019-13222 An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:36 +0000 UTC Push: 2023-02-01 09:25:38 +0000 UTC |

Live-Hack-CVE/CVE-2019-13219 A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:32 +0000 UTC Push: 2023-02-01 09:25:34 +0000 UTC |

Live-Hack-CVE/CVE-2019-13218 Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:28 +0000 UTC Push: 2023-02-01 09:25:31 +0000 UTC |

Live-Hack-CVE/CVE-2019-13220 Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:25 +0000 UTC Push: 2023-02-01 09:25:27 +0000 UTC |

Live-Hack-CVE/CVE-2018-16981 stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:21 +0000 UTC Push: 2023-02-01 09:25:24 +0000 UTC |

Live-Hack-CVE/CVE-2019-13217 A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:18 +0000 UTC Push: 2023-02-01 09:25:20 +0000 UTC |

Live-Hack-CVE/CVE-2021-42715 An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:15 +0000 UTC Push: 2023-02-01 09:25:17 +0000 UTC |

Live-Hack-CVE/CVE-2021-28021 Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:11 +0000 UTC Push: 2023-02-01 09:25:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-28041 stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:07 +0000 UTC Push: 2023-02-01 09:25:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-28042 stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:04 +0000 UTC Push: 2023-02-01 09:25:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24956 Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:58 +0000 UTC Push: 2023-02-01 09:25:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-24241 Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:55 +0000 UTC Push: 2023-02-01 09:24:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-23924 Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary CVE project by @Sn0wAlice Create: 2023-02-01 09:24:52 +0000 UTC Push: 2023-02-01 09:24:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-0341 A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. CVE project by @Sn0wAlice Create: 2023-02-01 09:24:48 +0000 UTC Push: 2023-02-01 09:24:50 +0000 UTC |