Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Vulnerability Description
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.
CVSS Information
N/A
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
Lexbor 缓冲区错误漏洞
Vulnerability Description
Lexbor是Lexbor开源的一个用于处理HTML和CSS的C语言工具库。 Lexbor 2.7.0之前版本存在缓冲区错误漏洞,该漏洞源于ISO-2022-JP编码器存在整数下溢,可能导致越界读取和越界写入。
CVSS Information
N/A
Vulnerability Type
N/A