Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

CVE-2020-24075: Kalium Changelog - Laborator

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

Dear user,

XnView 2.49.4 for Windows is available. Versions are available on the normal XnView Download page.

Please note that the XnView Download page offers packages with German/French Setup and German/French Online help.

Direct links to the English Standard version are:  
http://download.xnview.com/XnView-win.exe (English Setup, Multi language)  
http://download.xnview.com/XnView-win.zip (ZIP file, Multi language)

XnView Shell Extension 32bits:  
http://download.xnview.com/XnShellEx.exe  
http://download.xnview.com/XnShellEx.zip

XnView Shell Extension 64bits:  
http://download.xnview.com/XnShellEx64.exe  
http://download.xnview.com/XnShellEx64.zip

SHA256:  
XnView-win.exe: 030E3E45C51A349A3417B52AD6F6547267F1AA6E86BF03BB13E49341AB9FAEB8  
XnView-win.zip: 9E936FB7CD699019A2D1ADF795D6BB078A08686D95ACA0BEA482E0ECE5C72902  
XnView-win-full.exe: 31E13FE27894610D27167ABB0503C6B109E00169D6F3E291BE6661D27953E1C6  
XnView-win-full.zip: 646DE249CEB6E9C1736BC34217C36E720FD7E2FA25468B271A6DEC18707D4E3E  
XnView-win-small.exe: 57E5DF33083C3F440CFA7E44ABE4403724679EEC7A1E57018A5B81A1748557FB  
XnView-win-small.zip: 15DC199567011B41B616BB38DFF31771A9D3E65F1517FC2BEE2068DD69B479FE

\_\_\_\_ 2.49.4 Changelog

\* Ghostscript 9.53.x  
\* GPS & file date - viewtopic.php?f=56&t=40971  
\* TIFF Security vulnerability (Thanks to Michael Heinzl)  
\* NConvert: -levels2 - viewtopic.php?f=57&t=40490  
\* NConvert: -resize supports cm/mm/inches  
\* NConvert: -autodeskew fixed  
\* NConvert: -noholder to disable %$ chars - viewtopic.php?f=57&t=40820

\_\_\_\_ 2.49.3 Changelog

\* Convert 16 to 256 colors - viewtopic.php?f=36&t=39421  
\* Disable ESC to close tabs - viewtopic.php?f=35&t=17078  
\[General\] EscToCloseView=0  
\* Select file from search results & switching mode - viewtopic.php?f=34&t=40063  
\* Title empty when recurse - viewtopic.php?f=36&t=39979  
\* Resize - viewtopic.php?f=35&t=40248  
\* Slideshow: Order of files - viewtopic.php?f=56&t=40087  
\* Fortis Mag fix  
\* NConvert: -wmsize watermark percent size - viewtopic.php?f=57&t=38754  
\* NConvert: canvas size in inches/cm/mm - viewtopic.php?f=57&t=39361  
\* NConvert: replace\_color - viewtopic.php?f=57&t=39769  
\* NConvert: -temperature added

\_\_\_\_ 2.49.2 Changelog

\* Problem with Ghostscript 9.50  
\* PDF font problem - viewtopic.php?f=36&t=39662  
\* CR3 - viewtopic.php?f=35&t=39478  
\* .sld must use 'Recurse' setting - viewtopic.php?f=35&t=39330  
\* GIF loop - viewtopic.php?f=36&t=31689  
\* PAM CMYK

\_\_\_\_ 2.49.1 Changelog

\* TIFF 16bits greyscale

\_\_\_\_ 2.49 Changelog

\* SQLite 3.29.0  
\* NConvert: greater\_than/less\_than condition - viewtopic.php?f=57&t=39147  
\* PSD: Error when writing metadata - viewtopic.php?f=57&t=39137  
\* Export - Problem with RGBA - viewtopic.php?f=36&t=39044  
\* Capture - viewtopic.php?f=36&t=38934  
\* Left/Right F11 to open fullscreen on Left/Right monitor  
\* Create multi file & folder with '.' - viewtopic.php?f=36&t=39008  
\* # to comment line in .sld file  
\* Multipage create: Check if output filename exists  
\* Slideshow crash when using animated GIF - viewtopic.php?f=36&t=38902  
\* XIM format import added  
\* Change timestamp must not use 12h format - viewtopic.php?f=36&t=38702  
\* GIF not played correctly in Slideshow - viewtopic.php?f=34&t=38303  
\* CVE - https://github.com/apriorit/pentesting/ ... ugs/xnview  
\* NConvert: -unsharp  
\* NConvert: -exposure - viewtopic.php?f=57&t=39136  
\* NConvert: -colorize h l s  
\* NConvert: Remove EXIF orientation -exif\_rotation - viewtopic.php?f=57&t=38648  
\* \[Rename\]/TemplateStart, position of number in template - viewtopic.php?f=34&t=38568  
\* CVE-2019-12151  
\* ShellEx: 'Convert...' & input fields

\_\_\_\_ 2.48 Changelog

\* RGB inverted when printing 8bits cmap picture from browser  
\* WebP 32bits  
\* PDF Multipage create - viewtopic.php?f=35&t=38030

\_\_\_\_ 2.47 Changelog

XCF 2.10  
ICNS with JPEG2000 icon  
GIF loop & Quick slideshow - viewtopic.php?f=36&t=31689  
Problem with local charset for image description EXIF field  
\[Start\]/BugBlueLine=1 to remove the bug of blue line  
PDF output without font info - viewtopic.php?f=35&t=38030  
Space must not show tagbox if not enabled  
NConvert: -no\_auto\_rotate - viewtopic.php?f=57&t=38239  
NConvert: -autocrop with position  
NConvert: add -lower to lower case output filename  
NConvert: Bug when output filename contains a numeric enumerator - viewtopic.php?f=57&t=38014

\_\_\_\_ 2.46 Changelog

JPEG2000 YCC - viewtopic.php?f=35&t=37806  
Bad loading for ARW - viewtopic.php?f=36&t=37683  
TIFF with JPEG compression - viewtopic.php?f=35&t=37585  
Adjust dialog clipped - viewtopic.php?f=36&t=32011  
PDF version 1.4 output  
Sqlite 2.24.0  
RLE & ICO vulnerabilities Cody Sixteen from STM Solutions  
NConvert: stdout problem on windows - viewtopic.php?f=57&t=37810

\_\_\_\_ 2.45 Changelog

License written in HKCU  
Support HPI with transparency  
Shows dots under certain conditions - viewtopic.php?f=36&t=37447  
Resize - viewtopic.php?f=36&t=37451  
Blue bar - viewtopic.php?f=36&t=36278  
Resize dialog crash with ^^ - viewtopic.php?f=36&t=36644  
Parameters & External program - viewtopic.php?f=35&t=15465

\_\_\_\_ 2.44 Changelog

Monitor power off during slideshow  
Color profile not used Browser>Print - viewtopic.php?f=36&t=36833  
\-filelist doesn't work anymore  
Tile child window - viewtopic.php?f=56&t=36527  
Strange colors on grey image - viewtopic.php?f=35&t=36485  
UTF8 Exif Image Description

\_\_\_\_ 2.43 Changelog

Better HEIF support - http://www.xnview.com/download/plugins/heif\_x32.zip  
Unwanted file types shown in Viewer - viewtopic.php?f=36&t=35484  
FileListUseExt=1  
Alpha glitch - viewtopic.php?f=36&t=36454  
Folder browsing via command line - viewtopic.php?f=36&t=36434  
Lossless crop corruption - viewtopic.php?f=36&t=36378

\_\_\_\_ 2.42 Changelog

HEIF support - Extract http://www.xnview.com/download/plugins/heif\_x32.zip in Plugins folder

\_\_\_\_ 2.41 Changelog

Basic support for unicode filename  
2Gb limitation on 64bits OS - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35165  
Displaying RGBA image without use alpha - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35809  
Print TIFF with orientation flag in browser - http://newsgroup.xnview.com/viewtopic.php?f=36&t=36197  
GIF loop not saved in .sld - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35991  
Clip support - http://newsgroup.xnview.com/viewtopic.php?f=34&t=28554  
Slideshow crash on RAW files - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34632  
TIF > 2GB & multipage - http://newsgroup.xnview.com/viewtopic.php?f=79&t=35056  
RGBA printing  
Thumbnails upscaling - http://newsgroup.xnview.com/viewtopic.php?f=35&t=36090  
NConvert: -keepdocsize fixed  
NConvert: -shadow - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36163  
NConvert: -align - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36164

\_\_\_\_ 2.40 Changelog

CMYK image default color profile - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31685  
http://newsgroup.xnview.com/viewtopic.php?f=35&t=28839  
RGBA resize (bilinear) - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33425  
http://newsgroup.xnview.com/viewtopic.php?t=29238  
http://newsgroup.xnview.com/viewtopic.php?t=34493  
Ctrl+RMB to copy color - http://newsgroup.xnview.com/viewtopic.php?p=141793  
Capture rectangle on second monitor - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32892  
Print 50+ via command line - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35350  
Filelist to print - http://newsgroup.xnview.com/viewtopic.php?f=34&t=35378  
LIBPNG 1.6.29  
SQLite 3.18.0  
ZLIB 1.2.11  
LCMS 2.8  
BMP 2+10+10+10 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32577  
Category removed if delete file - http://newsgroup.xnview.com/viewtopic.p ... 2&start=15  
Category moved with Cut/Paste  
8BF & undo - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34508  
'Purge Now' - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32667  
OpenEXR updated - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33039  
Resize gamma correction - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33273  
Change timestamp & DST - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33483  
Selection + Tab - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33983  
GIF loop - http://newsgroup.xnview.com/viewtopic.php?f=35&t=34036  
PAM format - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35132  
JPEG 2000 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35277  
Maximize on first monitor - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32343  
Resize default size - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33694  
PEF for thumbnail's folder - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35363  
Cancel removed from Setup wizard - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32958  
Previous/Next file & RecognizeByExt == false - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33127  
Next/Previous & video - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35182  
Better dialog for update - http://newsgroup.xnview.com/viewtopic.php?f=34&t=19950  
WebP plugin updated  
OpenJPEG2000 updated  
RIOT addon updated  
PNGOUT updated  
X3F with only embedded JPEG  
NConvert: text with -text\_rotation - http://newsgroup.xnview.com/viewtopic.php?f=57&t=35441  
NConvert: -text\_border added

\_\_\_\_ 2.39 Changelog

no IPTC fields in tooltip/info  
Thumbnail for blend file

\_\_\_\_ 2.38 Changelog

Sort by exif - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32387  
Zooming instead file navigation - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33917

\_\_\_\_ 2.37 Changelog

Better HiDPI support  
Change timestamp and video  
GPS direction - http://newsgroup.xnview.com/viewtopic.php?f=35&t=33587  
Right click (make selection) and delete - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33700  
NConvert: Multipage extract - http://newsgroup.xnview.com/viewtopic.php?f=57&t=33879

\_\_\_\_ 2.36 Changelog

FLIF format added  
SVG support via rsvg-convert.exe - http://newsgroup.xnview.com/viewtopic.php?f=34&t=31748  
Search similar & extension - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32840  
Multipage save doesn't use read settings  
PCT crash - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33025  
NConvert: -t start step for number in output name

\_\_\_\_ 2.35 Changelog

#THUMB\_WIDTH\_MAX# & #THUMB\_HEIGHT\_MAX# - http://newsgroup.xnview.com/viewtopic.php?f=34&t=30652  
JPEGXR  
Backspace not working in fullscreen  
LibPNG 1.6.20  
ZIPPack Addon - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31563

Pierre.

CVE-2021-28427: XnView 2.49.4 - XnView Software

Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

  

XnView Classic: Best Photo Viewer, Image Resizer & Batch Converter for Windows.

XnView is compatible with Windows 7 and Windows 10.  
Version 2.51.2

  

**XnView** is an efficient image viewer, browser and converter for Windows.  
This software is really simple to use and totally free for personal use. It supports more than 500 image formats! No Adware, No Spyware. Download for Windows

Features

Photo Viewer

With XnView you can browse, organize, and view your images in numerous ways:

*   Thumbnail View
*   FullScreen View
*   FilmStrip View
*   SlideShow with FX
*   Images Compare
*   etc...

Photo Editor

XnView allows you to process your images with an arsenal of editing tools:

*   Resize, Rotate, Crop
*   Lossless Rotate & Crop (jpeg)
*   Adjust Brightness, Contrast, ...
*   Auto Levels, Auto Contrast
*   Modify Colors depth & palette
*   Apply filters & Effects

Create

In addition to **exporting** to more than 70 Formats XnView lets you create:

*   SlideShows
*   Web Pages
*   Contact Sheets
*   Video Thumbnails Gallery
*   File Listings
*   Strip of Images

Unrivaled Compatibility

XnView lets you **read** about 500 formats (including Multipage and animated still formats APNG, TIFF, GIF, ICO,etc..).  
_Some formats may require Plug-ins_

XnView also provides a convenient **Screen Capture module** and Windows ™ **TWAIN & WIA** interface to capture images.

And Much More ...

Some other notable features of XnView are:

*   Metadata support & Editing (IPTC)
*   JPEG lossless Transforms
*   Duplicate File Finder
*   Batch Processing
*   Batch Rename
*   Print Module

Downloads

Download **XnView 2.51.2** for Windows:

Donate

XnView is provided as **FREEWARE** (NO Adware, NO Spyware) for private or educational use (including non-profit organizations).  
If you enjoy using XnView, Don't hesitate to help the developer with a small donation.

You may want to check out all the Addons also available for XnView.

SHA-256 checksums:  
XnView-win.exe: A09A25EC83F277580821AFC0982041078E8992A9C778E52984CE6CC8F3C69B90  
XnView-win.zip: B463C5E2B77F981614B67E4AAB0D78385DC2EE80A6A8852EE129ED2E345BD1D4  
XnView-win-full.exe: 5089486DD86D0DE1CB55EEA4D13EB73BDC2BBCECD4831371F971DE50E4E2DA7B  
XnView-win-full.zip: 96D8A69DA9014466A22ED3677426E0134D8C41452202E8C198314559A5A1807A  
XnView-win-small.exe: 064A8D8647C1D3FD2AAC97DB1FE8A04FDAD3E80C63A1AC3591C980452E7E01E2  
XnView-win-small.zip: 1DA17B608BB0D7E5892FAD7562D8E9E36C6459118AFA30F11A412C91AC6D7916'

Screenshots

History of changes

Changelog

Support

**Visit the Forum**

The XnView forum is probably the best place to start interacting with other users and the developer.

**User Guide**

XnView Wiki is where XnView user guide is maintained.

CVE-2021-28835: The Best Windows Photo Viewer, Image Resizer and Batch Converter · XnView

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

There is a segment fault in jfif\_decode (ctxt=0x60a010, pb=0x7fffffffe3c0) at jfif.c:545.

My system is ubuntu 16.04.6 amd64. I compiled the lastest version of ffjpeg and use my fuzzer to fuzz it by using the command ling:  
ffjpeg -d \[file\_name\]

I got a crash sample that could cause a segment fault.

The sample is attached below.  

yang@yang-HP-ZHAN-99-Mobile-Workstation-G1:/MyProject/remote\_test/target\_src/ffjpeg/src$ gdb ./ffjpeg  
GNU gdb (Ubuntu 7.11.1-0ubuntu116.5) 7.11.1  
Copyright (C) 2016 Free Software Foundation, Inc.  
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html  
This is free software: you are free to change and redistribute it.  
There is NO WARRANTY, to the extent permitted by law. Type "show copying"  
and "show warranty" for details.  
This GDB was configured as "x86\_64-linux-gnu".  
Type "show configuration" for configuration details.  
For bug reporting instructions, please see:  
http://www.gnu.org/software/gdb/bugs/.  
Find the GDB manual and other documentation resources online at:  
http://www.gnu.org/software/gdb/documentation/.  
For help, type "help".  
Type "apropos word" to search for commands related to "word"...  
Reading symbols from ./ffjpeg...done.  
(gdb) r -d /home/yang/crash.jpg  
Starting program: /home/yang/MyProject/remote\_test/target\_src/ffjpeg/src/ffjpeg -d /home/yang/crash.jpg

Program received signal SIGSEGV, Segmentation fault.  
0x0000000000402eb2 in jfif\_decode (ctxt=0x60a010, pb=0x7fffffffe3c0) at jfif.c:545  
545 yuv\_to\_rgb(\*ysrc, \*usrc, \*vsrc, bdst + 2, bdst + 1, bdst + 0);  
(gdb) list  
540 for (j=0; jwidth; j++) {  
541 int ux = j \* jfif->comp\_info\[1\].samp\_factor\_h / sfh\_max;  
542 int vx = j \* jfif->comp\_info\[2\].samp\_factor\_h / sfh\_max;  
543 usrc = yuv\_datbuf\[1\] + uy \* yuv\_stride\[1\] + ux;  
544 vsrc = yuv\_datbuf\[2\] + vy \* yuv\_stride\[2\] + vx;  
545 yuv\_to\_rgb(\*ysrc, \*usrc, \*vsrc, bdst + 2, bdst + 1, bdst + 0);  
546 bdst += 3;  
547 ysrc += 1;  
548 }  
549 bdst -= jfif->width \* 3;  
(gdb)

We used ASAN to identify crash type.  
\==12023==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1c5c6da24c at pc 0x000000405d2d bp 0x7ffe6131cc00 sp 0x7ffe6131cbf0  
READ of size 4 at 0x7f1c5c6da24c thread T0  
#0 0x405d2c in jfif\_decode /home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/jfif.c:545  
#1 0x401233 in main (/home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/ffjpeg+0x401233)  
#2 0x7f1c5b1f383f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#3 0x4010c8 in \_start (/home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/ffjpeg+0x4010c8)

0x7f1c5c6da24c is located 0 bytes to the right of 141900-byte region \[0x7f1c5c6b7800,0x7f1c5c6da24c)  
allocated by thread T0 here:  
#0 0x7f1c5b635602 in malloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x98602)  
#1 0x404c96 in jfif\_decode /home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/jfif.c:442  
#2 0x401233 in main (/home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/ffjpeg+0x401233)  
#3 0x7f1c5b1f383f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/aota04/MC\_xxfuzz/test/ffjpeg/build\_asan/src/jfif.c:545 jfif\_decode  
Shadow bytes around the buggy address:  
0x0fe40b8d33f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0fe40b8d3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0fe40b8d3410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0fe40b8d3420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0fe40b8d3430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
\=>0x0fe40b8d3440: 00 00 00 00 00 00 00 00 00\[04\]fa fa fa fa fa fa  
0x0fe40b8d3450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0fe40b8d3460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0fe40b8d3470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0fe40b8d3480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0fe40b8d3490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05

CVE-2020-24222: ffjpeg "jfif_decode" function segment fault · Issue #31 · rockcarry/ffjpeg

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

I used the command line gif2tga --outbase /dev/null path\_to\_file to run gif2tga and got a timeout.  
The program didn't return or repsond.  
The system is ubuntu 16.04.6 amd-64, source commit id is: 0245fd4  
compiled by gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)

debug informations is:  
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1  
Copyright (C) 2016 Free Software Foundation, Inc.  
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html  
This is free software: you are free to change and redistribute it.  
There is NO WARRANTY, to the extent permitted by law. Type "show copying"  
and "show warranty" for details.  
This GDB was configured as "x86\_64-linux-gnu".  
Type "show configuration" for configuration details.  
For bug reporting instructions, please see:  
http://www.gnu.org/software/gdb/bugs/.  
Find the GDB manual and other documentation resources online at:  
http://www.gnu.org/software/gdb/documentation/.  
For help, type "help".  
Type "apropos word" to search for commands related to "word"...  
Reading symbols from gif2tga...done.  
(gdb) r --outbase /dev/null /home/yang/test.gif  
Starting program: /home/yang/MyProject/remote\_test/target\_src/ngiflib/gif2tga --outbase /dev/null /home/yang/test.gif  
^C  
Program received signal SIGINT, Interrupt.  
0x00007ffff7b04320 in \_\_read\_nocancel () at ../sysdeps/unix/syscall-template.S:84  
84 ../sysdeps/unix/syscall-template.S: No such file or directory.  
(gdb) step  
\_IO\_new\_file\_underflow (fp=0x605070) at fileops.c:594  
594 fileops.c: No such file or directory.  
(gdb) step  
597 in fileops.c  
(gdb)  
596 in fileops.c  
(gdb)  
597 in fileops.c  
(gdb)  
607 in fileops.c  
(gdb)  
613 in fileops.c  
(gdb)  
608 in fileops.c  
(gdb)  
613 in fileops.c  
(gdb)  
\_\_GI\_\_IO\_default\_uflow (fp=0x605070) at genops.c:414  
414 genops.c: No such file or directory.  
(gdb)  
417 in genops.c  
(gdb)  
\_IO\_getc (fp=0x605070) at getc.c:37  
37 getc.c: No such file or directory.  
(gdb)  
\_IO\_acquire\_lock\_fct (p=) at libioP.h:866  
866 libioP.h: No such file or directory.  
(gdb)  
\_IO\_getc (fp=0x605070) at getc.c:37  
37 getc.c: No such file or directory.  
(gdb)  
\_IO\_acquire\_lock\_fct (p=) at libioP.h:867  
867 libioP.h: No such file or directory.  
(gdb)

The poc is attached below.

  
Thank you.

CVE-2020-24221: I found a large or infinite loop in ngiflib · Issue #17 · miniupnp/ngiflib

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

Following the email conversation with David I am raising this security issue as agreed (or some might say a feature/expected behavior)

**Summary**  
By using the "mailto?attach=..." parameter, a website can make GNOME Gmail attach local files to an email message without showing a warning to the user, additionally when user writes an email they can't see that there is an attachment on some systems. Please see test.gif for a demonstration.

To summarize it is an analog of CVE-2020-11879 in GNOME Evolution KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089), and Pegasus Mail. https://twitter.com/jensvoid/status/1295357952480751616 Jens originally found this type of issue in email clients. As Jens wrote in the bugzilla report 613425 I quote: "_This is arguable a dangerous feature because it allows an attacker to exfiltrate arbitrary files on disk (and also email from the victim's IMAP account), if the victim sends an email based on attacker controlled mailto input and misses the attachment being added._"

**How to reproduce**

1.  Have GNOME Gmail client installed on Ubuntu and choose GNOME GMail and Chrome as default browsers (I tested on Ubuntu 20.04 and 18.04.4 with latest stable Chrome)
2.  Copy Tux.png to /tmp directory
3.  Open test.html
4.  Click "Send email"
5.  In the GNOME Gmail fill the "To" and "Subject" fields
6.  Click send

  
test.html

    <html>
    <body>
    <p>POC test</p>
    <p><a href="mailto:alikhan@uzakov.io?attach=/tmp/Tux.png">Send email</a></p>
    </body>
    </html>
    

Tux.png https://en.wikipedia.org/wiki/File:Tux.png  
**Additional information**  
On Ubuntu 18.04.4 with Chrome version 83.0.4103.116 attachment isn't shown, as you can see in demo above  
On Ubuntu 20.04 with the latest stable Chrome attachment is shown

CVE-2020-24904: Security issue · Issue #84 · davesteele/gnome-gmail

An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2020-24187: Poc/jerryscript/NULL-dereference-ecma_get_lex_env_type at master · Aurorainfinity/Poc

Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.

NEW Security Release LEPTON 4.7.0.

This is again a Security Bugfix. Two days after release of LEPTON 4.6.0 **Trung Thanh Le From baomatcoban.info** informed us, that the fixes in 4.6.0 are not strong enough.

That's why we have to release LEPTON 4.7.0 as a Hotfix.

Furtermore please note, that the Droplet "ShowSection is not working from 4.6.0, please use the current Droplet Sectionpicker from LEPAdoR

We are sorry for this inconvinience and ask you strongly to update to LEPTON 4.7.0.

Version 4.7.0 stable is available on Downloadpage and also a mobile Version can be downloaded.

Upgrade to LEPTON 4.7.0 is possible .

Back

CVE-2020-24872: news around LEPTON

Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-23595: CSRF Vulnerability in v5.6 · Issue #47 · yzmcms/yzmcms

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

Source

CVE