Category Archives: Advisories

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the “sandboxed” context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.

Advisories

USN-5256-1: uriparser vulnerabilities

July 13, 2022

Read Time:8 Second

It was discovered that uriparser incorrectly handled certain memory operations.
An attacker could use this to cause a denial of service.
(CVE-2021-46141, CVE-2021-46142)

Advisories

ZDI-22-1001: Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability

July 13, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1000: Adobe Acrobat Reader DC AcroForm value Use-After-Free Remote Code Execution Vulnerability

July 13, 2022

Read Time:12 Second

Advisories

ZDI-22-999: Adobe Character Animator SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

July 13, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories