exempi: denial of service via opening of crafted audio file with ID3V2 frame

A buffer overflow flaw was found in the exempi package. This issue occurs in the ID3Support::ID3v2Frame::getFrameValue function that allows remote attackers to cause a denial of service via opening a crafted audio file with the ID3V2 frame...

ALSA-2024:3066 Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fixes: exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp file CVE-2020-18652 For more details about the security issues, including t...

Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fixes: exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp file CVE-2020-18652 For more details about the security issues, including t...

RHEL 6 : audiofile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert CVE-2018-17095 -...

RHEL 6 : libsndfile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libsndfile: Heap-based Buffer Overflow in psfbinheaderwritef function in common.c CVE-2017-12562 - An out...

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-21480 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-21480

CVE-2024-21480 relates to memory corruption in Qualcomm chipsets when playing audio files with large input buffers. The entry is documented across multiple sources (NVD/NCSC/Red Hat) as a memory- or buffer-related vulnerability affecting Qualcomm closed-source components, with references indicati...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the comment functionality. An attacker can execute arbitrary code or cause a denial of service condition by providing a malicious .ogg file. Remediation There is no fixed version for stb. References - Talo...

Denial Of Service

libmad.so is vulnerable to Denial Of Service. The vulnerability is due to the madlayerIII function in layer3.c when processing a crafted audio file, resulting in a heap-based buffer overflow and possible application crash...

Denial Of Service

libmad.so is vulnerable to Denial of service attack. The vulnerability is due to an assertion failure and application exit when the madlayerIII function in layer3.c is executed without NDEBUG defined, allowing an attacker to cause denial of service via a specially crafted audio file...

BIT-NGINX-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

Nagios XI < 2024R1.0.1 XSS Vulnerability

According to the self-reported version of Nagios XI, the remote host is affected by a stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file uplo...

CVE-2023-51072

A stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...

CVE-2023-51072

Nagios XI vulnerability CVE-2023-51072: a stored XSS in the NOC component affecting Nagios XI versions up to 2024R1 via the audio file upload in Operation Center. The issue allows low-privileged, authenticated users to inject arbitrary HTML/JavaScript, potentially executing code in other users’ b...

CVE-2023-51072

A stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...

CVE-2023-51072

A stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...

Zero-Click Outlook RCE Exploitation Chain in Windows

Summary: Two vulnerabilities CVE-2023-35384 and CVE-2023-36710 in Microsoft Windows can be chained to achieve remote code execution RCE on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a...

MGASA-2023-0336 Updated audiofile packages fix a security vulnerability

The updated packages fix a security vulnerability In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring...

[SECURITY] Fedora 37 Update: audiofile-0.3.6-36.fc37

The Audio File library is an implementation of the Audio File Library from SGI, which provides an API for accessing audio file formats like AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used by the EsounD daemon. Install audiofile if you are installing EsounD or you need an API...