{"vulnerability": "CVE-2022-3509", "sightings": [{"uuid": "64c296d4-deb7-4635-8ddb-73d333e76470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3509", "type": "seen", "source": "https://t.me/cibsecurity/54286", "content": "\u203c CVE-2022-3509 \u203c\n\nA parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T16:20:54.000000Z"}, {"uuid": "c67d800c-82b8-4506-bc65-13b256f91c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35094", "type": "seen", "source": "https://t.me/cibsecurity/50378", "content": "\u203c CVE-2022-35094 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:53.000000Z"}, {"uuid": "f4792505-69ec-4a45-8187-0b41981d3893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35095", "type": "seen", "source": "https://t.me/cibsecurity/50407", "content": "\u203c CVE-2022-35095 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:20:13.000000Z"}, {"uuid": "d95fa5e1-fed3-4651-bbea-b56680cbca4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35098", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.\n\ud83d\udccf Published: 2022-09-23T17:11:51.000Z\n\ud83d\udccf Modified: 2025-05-22T19:05:05.304Z\n\ud83d\udd17 References:\n1. https://github.com/matthiaskramm/swftools/issues/182\n2. https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35098.md", "creation_timestamp": "2025-05-22T19:46:20.000000Z"}, {"uuid": "f3e14660-6ec1-4d6e-a155-0c3ad8427e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35096", "type": "seen", "source": "https://t.me/cibsecurity/50379", "content": "\u203c CVE-2022-35096 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:53.000000Z"}, {"uuid": "c216d7f9-e792-4f13-a6d9-f5f064c53e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35098", "type": "seen", "source": "https://t.me/cibsecurity/50372", "content": "\u203c CVE-2022-35098 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:46.000000Z"}, {"uuid": "daaf9091-73e3-422f-aa7f-62d9b847dbd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35092", "type": "seen", "source": "https://t.me/cibsecurity/50417", "content": "\u203c CVE-2022-35092 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:27:11.000000Z"}, {"uuid": "ce4920e3-efb5-41bf-9211-b0d4864ed46d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35091", "type": "seen", "source": "https://t.me/cibsecurity/50406", "content": "\u203c CVE-2022-35091 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:20:12.000000Z"}, {"uuid": "5a90cc3a-1fd7-42ea-8c26-1685007deaaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35090", "type": "seen", "source": "https://t.me/cibsecurity/50171", "content": "\u203c CVE-2022-35090 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T07:40:25.000000Z"}, {"uuid": "ceef7973-619f-47e4-ae4a-992bffd87506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35099", "type": "seen", "source": "https://t.me/cibsecurity/50392", "content": "\u203c CVE-2022-35099 \u203c\n\nSWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:19:49.000000Z"}]}