ALT-BU-2025-12450-1
Branch c10f2 update bulletin.
Closed vulnerabilities
Modified: 2025-09-11
CVE-2025-8961
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
- http://www.libtiff.org/
- https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
- https://gitlab.com/libtiff/libtiff/-/issues/721
- https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
- https://vuldb.com/?ctiid.319955
- https://vuldb.com/?id.319955
- https://vuldb.com/?submit.627957
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-38223
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
- https://github.com/tats/w3m/issues/242
- https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
- https://github.com/tats/w3m/issues/242
- https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
Closed bugs
the search box is not available in w3m
the search box at the wiki is not available in w3m
Пустой экран справки
Closed vulnerabilities
BDU:2023-07117
Уязвимость утилиты сбора информации запущенных процессов ps набора утилит командной строки procps-ng, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-4016
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
- https://gitlab.com/procps-ng/procps
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/
- https://gitlab.com/procps-ng/procps
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/
Closed vulnerabilities
Modified: 2025-09-08
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.