3663 matches found
[SECURITY] Fedora 35 Update: mingw-speex-1.2.0-9.fc35
Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP VoIP, Internet audio streaming, audio books, and archiving of speech data e.g. voice mail...
[SECURITY] Fedora 34 Update: mingw-speex-1.2.0-9.fc34
Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP VoIP, Internet audio streaming, audio books, and archiving of speech data e.g. voice mail...
OESA-2021-1441 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 PoC exploit for SMBGhost vulnerability in Windows 10 1903/1909's SMB3 compression capability. This PoC connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash t...
CVE-2021-42374
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that...
PT-2021-5536 · Busybox +5 · Busybox +5
Name of the Vulnerable Software and Affected Versions: BusyBox affected versions not specified Description: An out-of-bounds heap read in BusyBox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any...
Speex has unspecified vulnerabilities
Speex is a free software proprietary audio compression format designed for speech. Speex v1.2 contains a security vulnerability that could be exploited by an attacker to cause a denial of service DoS via a crafted WAV file...
Mozilla Firefox Security Advisory (MFSA2012-73) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-43174
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...
libwebp security update
An update is available for libwebp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libwebp packages provide a library and tools for the WebP graphics format...
RLSA-2021:4231 Moderate: libwebp security update
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...
Fixed in ClickHouse 21.10.2.15, 2021-10-18
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...
Fixed in ClickHouse 21.10.2.15, 2021-10-18
Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don't exceed the destination buffer's limits...
PT-2021-6324 · Unknown +4 · Clickhouse +3
Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: The issue is related to a heap buffer overflow in ClickHouse's LZ4 compression codec. This occurs when parsing a malicious query, as there is no verification that copy operations in the...
PT-2021-6323 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: The issue is related to a heap buffer overflow in ClickHouse's LZ4 compression codec. This occurs when parsing a malicious query, as there is no verification that copy operations do not...
PT-2021-23611 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: Clickhouse affected versions not specified Description: The issue is related to a divide-by-zero error in Clickhouse's Delta compression codec. This error occurs when parsing a malicious query, where the first byte of the compressed buffer is...
PT-2021-23610 · Unknown +4 · Clickhouse +3
Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: A heap out-of-bounds read issue exists in ClickHouse's LZ4 compression codec when parsing a malicious query. The LZ4::decompressImpl loop reads a 16-bit unsigned user-supplied value offs...
PT-2021-23612 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: Clickhouse affected versions not specified Description: The issue is related to a divide-by-zero error in Clickhouse's DeltaDouble compression codec. This occurs when parsing a malicious query, where the first byte of the compressed buffer is...
CVE-2021-42387
Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42389
Divide-by-zero in ClickHouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. JFrog Security Research Team...