CVE-2023-29539

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-476
View all →

Vulnerability Description

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Related Vulnerabilities

CVE-2016-3616

HIGH
CVSS:8.8(High)

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CWE-4762016

CVE-2017-0321

HIGH
CVSS:8.8(High)

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potent...

CWE-4762017

CVE-2017-11096

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.

CWE-4762017

CVE-2017-11097

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.

CWE-4762017

CVE-2017-11100

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.

CWE-4762017

CVE-2017-11101

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.

CWE-4762017