14112 matches found
CVE-2026-12319
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Audio/Video: Playback component...
Linux Distros Unpatched Vulnerability : CVE-2026-52963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using...
EUVD-2026-38832
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
EUVD-2026-38831
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
EUVD-2026-38920
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: topology: check widget type before accessing data Check widget type before accessing the private data, as this could a virtual widget which is no associated with a dsp graph, container and module. Accessing...
CVE-2026-52964
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed a NULL pointer dereferencing in sndusbmixercontrolsbadd. In sndusbcreatestreams, for UAC version 3 devices, the Interface Association Descriptor IAD is retrieved using usbifnumtoif. If this call fails, a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a missing pointer check in the hdacomponentmanagerinit function. The componentmatchadd function may assign the ‘matchptr’ pointer the value ERRPTR-ENOMEM, which will subsequently be dereferenced. The call stack...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the renegotiation of the AUDIN format freed the active format list, while the capture thread continued to use audin-format. This led to a use after free in audioformatcompatible. This vulnerability has been...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the RDPSND async playback thread could process queued PDUs after the channel was closed and its internal state was freed, resulting in a use after free in rdpsndtreatwave. This vulnerability has been fixed i...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: hda: Fixed NULL pointer dereferencing issues. If there is a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the...
OESA-2026-2735 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
CVE-2026-54233
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...
CVE-2026-54233
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...
CVE-2026-54233
Affected software: vLLM (inference/serving engine). Vulnerability: decoding an audio file on the /v1/audio/transcriptions endpoint can cause extreme memory growth. A 25 MB OPUS upload decodes to about 14.9 GB of float32 PCM, because the audio decoder concatenates all frames in memory before retur...