5956 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-2463
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6....
Linux Distros Unpatched Vulnerability : CVE-2016-6773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission...
Linux Distros Unpatched Vulnerability : CVE-2016-3820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a...
Linux Distros Unpatched Vulnerability : CVE-2016-3741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary cod...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the getsiz function in jpeg2000dec.c. An attacker can execute arbitrary code or cause a crash by supplying a crafted JPEG2000 file containing a malicious cdef atom. Remediation: Upgrade ffmpeg to version 8....
CVE-2025-9951
FFmpeg is affected by CVE-2025-9951 due to a heap-buffer-overflow in the JPEG 2000 decoder (jpeg2000dec) that can allow remote code execution or denial of service when processing certain JPEG2000 data. Multiple advisories (Debian DLA-4440, Astra Linux, Ubuntu USN-7830-1, and Nessus entries) enume...
Linux Distros Unpatched Vulnerability : CVE-2025-58057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...
SUSE CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
DEBIAN-CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
UBUNTU-CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
...
[SECURITY] Fedora 41 Update: libsixel-1.10.5-3.fc41
An encoder/decoder implementation for DEC SIXEL graphics...
[SECURITY] Fedora 42 Update: libsixel-1.10.5-4.fc42
An encoder/decoder implementation for DEC SIXEL graphics...
Linux Distros Unpatched Vulnerability : CVE-2017-5502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libjasper/jp2/jp2dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via vectors involving left shift of a negative value...
Netty Security Vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions 4.1.124.Final and earlier and 4.2.4.Final and earlier, which stems fro...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the BrotliDecoder.decompress function, which has no limit on how often it calls pull, decompressing data 64K bytes at a time. An attacker can exhaust system memory and...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: io.netty:netty-codec-http2 is an HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the BrotliDecoder.decompress functio...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...