AttackFeed by Joe Wagner | Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files  - Full Disclosure

Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files  – Full Disclosure

Posted on By Joe-W No Comments on Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files  – Full Disclosure
Alert Feeds

 

Posted by Ron E on Jan 05

Bio-Formats performs unsafe Java deserialization of attacker-controlled
memoization cache files (.bfmemo) during image processing. The
loci.formats.Memoizer class automatically loads and deserializes memo files
associated with images without validation, integrity checks, or trust
enforcement.
An attacker can exploit this behavior by supplying a crafted or corrupted
.bfmemo file—either fully attacker-controlled or derived from a legitimate
memo…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
[REVIVE-SA-2025-004] Revive Adserver Vulnerabilities  – Full Disclosure
November 19, 2025
Alert Feeds
Re: : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)  – Full Disclosure
November 7, 2025
Alert Feeds
HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701  – Full Disclosure
December 25, 2025
Alert Feeds
[REVIVE-SA-2025-005] Revive Adserver Vulnerability  – Full Disclosure
December 2, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.