5956 matches found

OSV
added 2025/10/23 3:27 p.m. | 0 views

SUSE-SU-2025:20872-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-11230: Fixed mjson JSON decoder excessive resource consumption bsc1250983...

7.5 CVSS | 7.1 AI score | 0.00468 EPSS
Exploits: 0 | References: 3

SUSE Linux
added 2025/10/23 3:26 p.m. | 4 views

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed mjson JSON decoder excessive resource consumption bsc1250983 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

6.9 CVSS | 7 AI score | 0.00468 EPSS
Exploits: 0 | References: 4

OSV
added 2025/10/23 12:13 a.m. | 4 views

OSV-2025-852 Heap-buffer-overflow in std::__1::pair<int, arrow::util::RleBitPackedParser::ControlFlow> arrow::util::R

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454097865 Crash type: Heap-buffer-overflow READ 1 Crash state: std::__1::pair arrow::util::R arrow::util::RleBitPackedDecoder::GetBatch auto parquet::DictByteArrayDecoderImpl::DecodeArrowDense...

7 AI score
Exploits: 0 | References: 1

CNNVD
added 2025/10/23 12:0 a.m. | 1 views

NVIDIA GPU Display Driver Buffer Error Vulnerability

NVIDIA GPU Display Driver is a display driver from NVIDIA Corporation. A buffer error vulnerability exists in NVIDIA GPU Display Driver that originates from an out-of-bounds read in the video decoder, which could result in an information disclosure or denial of service...

4.4 CVSS | 6.1 AI score | 0.00039 EPSS
Exploits: 0 | References: 3

OSV
added 2025/10/22 2:15 p.m. | 1 views

UBUNTU-CVE-2023-53729

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...

5.9 AI score | 0.00044 EPSS
Exploits: 0 | References: 10

Malwarebytes
added 2025/10/22 12:0 p.m. | 4 views

Zero-click Dolby audio bug lets attackers run code on Android and Windows devices

Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission...

6.5 CVSS | 8.6 AI score | 0.00029 EPSS
Exploits: 1

Tenable Nessus
added 2025/10/22 12:0 a.m. | 8 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7830-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7830-1 advisory. It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in th...

8.8 CVSS | 6.4 AI score | 0.00778 EPSS
Exploits: 2 | References: 6

RedhatCVE
added 2025/10/21 6:33 p.m. | 1 views

CVE-2025-54957

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...

6.5 CVSS | 9.7 AI score | 0.00029 EPSS
Exploits: 1 | References: 1

Ubuntu
added 2025/10/21 11:20 a.m. | 4 views

USN-7830-1: FFmpeg vulnerabilities

It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this...

7.5 CVSS | 6.6 AI score | 0.00778 EPSS
Exploits: 1

OSV
added 2025/10/21 11:20 a.m. | 3 views

USN-7830-1 ffmpeg vulnerabilities

It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this...

7.5 CVSS | 7 AI score | 0.00778 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/10/20 3:6 a.m. | 1 views

EUVD-2025-35023

Malicious code in dist-decoder (npm)...

6.6 AI score
Exploits: 0 | References: 1

OSV
added 2025/10/20 3:6 a.m. | 1 views

MAL-2025-48518 Malicious code in dist-decoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d6276f9115715018347a416b17686c81064ab130b386dacfdbe52f80bf1a2d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 4

Snyk
added 2025/10/20 3:6 a.m. | 0 views

Malicious Package

Overview dist-decoder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/10/20 3:6 a.m. | 3 views

Malicious code in dist-decoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d6276f9115715018347a416b17686c81064ab130b386dacfdbe52f80bf1a2d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 4

EUVD
added 2025/10/20 12:0 a.m. | 4 views

EUVD-2025-35059

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...

6.5 CVSS | 6.9 AI score | 0.00029 EPSS
Exploits: 1 | References: 2

CVE
added 2025/10/20 12:0 a.m. | 26 views

CVE-2025-54957

CVE-2025-54957 affects Dolby UDC (Unified Decoder) versions 4.5–4.13 and is triggered while processing a DD+/EMDF payload in the decoder. The root cause is an integer overflow in evo_malloc computing total_size, leading to a too-small allocation, combined with a write loop that can exceed the all...

9.8 CVSS | 7 AI score | 0.00029 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2025/10/20 12:0 a.m. | 1 views

CVE-2025-54957

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...

9.4 AI score | 0.00029 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/10/20 12:0 a.m. | 7 views

CVE-2025-54957

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...

0.00029 EPSS
Exploits: 1 | References: 1

OSV
added 2025/10/19 7:8 p.m. | 2 views

JLSEC-2025-115 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a simi...

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868...

5.5 CVSS | 6.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 5

OSV
added 2025/10/19 7:8 p.m. | 2 views

JLSEC-2025-135 FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for a...

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition...

5.3 CVSS | 7.2 AI score | 0.00036 EPSS
Exploits: 0 | References: 3