>> ARCHIVE: 2016-03

Lzx_Decoder::init() initializes the vector Lzx_Decoder->window to a fixed size of 2^method bytes, which is then used during Lzx_Decoder::Extract(). It’s possible for LZX compressed streams to exceed this size. Writes to…

A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated programs (CreateFile,…

Wireshark suffers from a crash vulnerability due to a static memory out-of-bounds write that can be observed in an ASAN build of Wireshark .

In COleMemFile::LoadDiFatList, values from the header are used to parse the document FAT. If header.csectDif is very high, the calculation overflows and a very small buffer is allocated. The document…

The Comodo Antivirus LZMA decoder performs insufficient parameter checks, resulting in a heap overflow vulnerability.

Packman is an obscure opensource executable packer that Comodo Antivirus attempts to unpack during scanning. If the compression method is set to algorithm 1, compression parameters are read directly from…

Comodo Antivirus includes a x86 emulator that is used to unpack and monitor obfuscated executables, this is common practice among antivirus products. The idea is that emulators can run the…

WordPress Brandfolder plugin versions 3.0 and below suffer from local and remote file inclusion vulnerabilities.

WordPress Dharma Booking plugin versions 2.28.3 and below suffer from local and remote file inclusion vulnerabilities.

WordPress Memphis Document Library plugin version 3.1.5 suffers from an arbitrary file download vulnerability.