Linux Distros Unpatched Vulnerability : CVE-2017-6839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in modules/MSADPCM.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

Linux Distros Unpatched Vulnerability : CVE-2017-15370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a heap-based buffer overflow in the ImaExpandS function of imarw.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attac...

SUSE CVE-2025-22919

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file...

DEBIAN-CVE-2025-22919

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file...

UBUNTU-CVE-2025-22919

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file...

DEBIAN-CVE-2025-25467

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file...

CVE-2025-22919

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS via opening a crafted AAC file...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that stems from a reachable assertion triggered by a specially crafted AAC file, which could lead to a denial of service...

CVE-2024-35432

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting XSS via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting...

CVE-2022-22084

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-6139

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

CVE-2024-6959

A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service DOS attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui...

CVE-2024-52328

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...

CVE-2024-52328 ECOVACS lawnmowers and vacuums insecurely store audio warning files

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...

ECOVACS lawnmower and vacuum vulnerabilities

RISK EVALUATION ECOVACS lawnmowers, vacuums, and other robots contain multiple vulnerabilities. In some cases, using a combination of vulnerabilities, an attacker within Bluetooth range or with appropriate network access can take complete control of a robot device. Some vulnerabilities allow an...

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: Segmentation fault error in oggvorbis.c:417 vorbisanalysiswrote CVE-2024-50612 For more details about the security issues, including the impact, a CVSS score,...

OESA-2024-2431 python-requests security update

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...

The vulnerability of the `apedecode_frame` function in the `libavcodec/apedec.c` file of the FFmpeg multimedia library involves reading data beyond the allowed buffer limits. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the apedecodeframe function in the libavcodec/apedec.c file of the FFmpeg multimedia library relates to reading data from buffers beyond their acceptable limits. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity,...

CVE-2024-6959

A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service DOS attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui...