Debian ≫ Debian Linux

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execut...