Tag
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
Retailers' new holiday jingle must hit cybersecurity high points to help survive the season. Forget Dasher and Dancer — add SAST and DAST to app testing; manage third-party risks; and use MFA along with training and proper authentication to secure credentials.
New web targets for the discerning hacker
A vulnerability was found in PDF & Print Plugin. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212613 was assigned to this vulnerability.
Categories: Android Categories: News A family of malicious apps from developer Mobile apps Group are on Google Play infected with HiddenAds. (Read more...) The post Malware on the Google Play store leads to harmful phishing sites appeared first on Malwarebytes Labs.
### Impact The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. ### Patches It has been patched in 2.6.0 for muhammara and not at all for hummus ### Workarounds Do not process files from untrusted sources ### References PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293 ### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892 The difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee75...
### Impact The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. ### Patches It has been patched in 3.1.1 and has been backported to 2.6.1 There is no patch for hummus ### Workarounds Do not process files from untrusted sources or update. ### References https://nvd.nist.gov/vuln/detail/CVE-2022-25892 https://github.com/galkahana/HummusJS/issues/463 https://github.com/julianhille/MuhammaraJS/issues/214 https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002 https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51 https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138 https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
The package muhammara before 2.6.1, from 3.1.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.