Cisco Talos Blog

September 23, 2021 11:00

Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router

Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable information disclosure vulnerability in the D-LINK DIR-3040 smart WiFi mesh router that could allow an adversary to eventually turn off the device or remove other connected

September 13, 2021 10:12

Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF

A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s Productivity Suite.

September 7, 2021 11:56

Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library

Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution. The dxflib library is a C++ library utilized by digital desig

August 13, 2021 14:23

Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro. Daemon Tools Pro is a professional emulation software that works with disc images and virtual drives. It allows

August 13, 2021 10:43

Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content

A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered multiple integer overflow vulnerabilities in the GPAC Project on Advanced Content that could lead to memory corruption. The GPAC Project on Advanced Content is an open-source cross-platf

August 10, 2021 13:22

Vulnerability Spotlight: Multiple vulnerabilities in AT&T Labs’ Xmill utility

Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in AT&T Labs’ Xmill utility. An attacker could take advantage of these issues to carry out a variety of malicious actions, including corrupting the application

August 10, 2021 12:21

Vulnerability Spotlight: Code execution vulnerability in Mozilla Firefox

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a use-after-free vulnerability in Mozilla Firefox that could lead to code execution. Firefox is a widely used web browser available on many operating systems. This specific vulne

August 4, 2021 10:16

Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader

Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered that a specific function of tinyobjloader does not properly validate array indexes. An adversary could trick a user into opening a specially crafted file, causing an index out-of-bound

June 28, 2021 11:01

Vulnerability Spotlight: Memory corruption vulnerability in PowerISO’s DMG handler

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO’s handler that deals with DMG files. PowerISO is a CD/DVD/BD image file processing tool, which allows users to open, extr