MidnightBSD

Advisories for nih

CVE-2012-1162 HIGH

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nih libzip 0.10
CVE-2012-1163 MEDIUM

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
nih libzip 0.10
CVE-2015-2331 HIGH

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
php php 5.5.0
php php 5.5.10
php php 5.5.16
php php 5.6.5
php php 5.6.0
nih libzip *
php php 5.6.3
php php 5.5.4
fedoraproject fedora 22
php php 5.5.5
php php 5.5.3
php php 5.5.18
php php 5.5.15
php php 5.5.21
php php *
php php 5.5.8
php php 5.5.12
php php 5.5.1
opensuse opensuse 13.1
php php 5.5.2
php php 5.5.20
php php 5.5.22
php php 5.5.14
php php 5.5.11
php php 5.5.17
php php 5.6.6
php php 5.5.13
opensuse opensuse 13.2
php php 5.6.1
php php 5.5.9
php php 5.5.6
php php 5.6.4
php php 5.5.7
php php 5.5.19
php php 5.6.2
debian debian_linux 7.0
CVE-2018-16716 HIGH

A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nih ncbi_toolbox *
CVE-2018-16717 HIGH

A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nih ncbi_toolbox *
CVE-2018-16718 MEDIUM

An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
nih ncbi_toolbox *
CVE-2024-24793

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
nih libdicom 1.0.5
CVE-2024-24794

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
nih libdicom 1.0.5