Zhihua.Yao

Researcher fromDBAPPSecurity
#11652of 53,633
23.6Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2018-12479
6.1
2018-07-18
Pagekit · Pagekit · CVE-2018-14381
**Name of the Vulnerable Software and Affected Versions** Pagekit versions prior to 1.0.14 **Description** The issue is related to an open redirect vulnerability. It affects the `/user/login?redirect=` endpoint, where the `redirect` parameter is vulnerable. This could potentially allow attackers to redirect users to malicious sites. **Recommendations** For versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/user/login?redirect=` endpoint until the update is applied. Avoid using the `redirect` parameter in the affected endpoint until the issue is resolved.
PT-2017-3862
10
2017-10-03
Graphicsmagick · Graphicsmagick · CVE-2017-15238
**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a use-after-free problem in the ReadOneJNGImage function, located in coders/png.c, which can occur when the height or width is zero. This is connected to the ReadJNGImage function. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the ReadOneJNGImage function as a temporary workaround until a patch is available. Restrict the use of the ReadJNGImage function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2017-12788
7.5
2017-08-18
Libtiff · Libtiff · CVE-2017-12944
**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.8 **Description** The issue is related to the TIFFReadDirEntryArray function in tif read.c, which mishandles memory allocation for short files. This can be exploited by remote attackers to cause a denial of service, leading to an allocation failure and application crash in the TIFFFetchStripThing function in tif dirread.c, particularly during a tiff2pdf invocation. **Recommendations** For LibTIFF version 4.0.8, consider updating to a newer version that addresses this issue, as the current version mishandles memory allocation, leading to potential crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.