Search CVE reports

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in...

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to...

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. Similar to CVE-2024-11053.

Using libcurl, when a custom `Host:` header is first set for a HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use...

curl might erroneously pass on credentials for a first proxy to a second proxy.

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent...

Possible OOB read/write with SPA authenticator

Possible OOB read with large UTF8 trailing characters