5956 matches found
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
Stack exhaustion in Decoder.Decode in encoding/gob
...
GHSA-3P8M-J85Q-PGMJ Netty's decoders vulnerable to DoS via zip bomb style attack
Summary With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. Details BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time...
Netty's decoders vulnerable to DoS via zip bomb style attack
Summary With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. Details BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time...
Linux Distros Unpatched Vulnerability : CVE-2016-4354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service crash via crafted BER data...
Linux Distros Unpatched Vulnerability : CVE-2025-6199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output...
Linux Distros Unpatched Vulnerability : CVE-2018-20195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference was discovered in icpredict of libfaad/icpredict.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. The vulnerability causes a...
Security Bulletin: Vulnerability in Netty's HttpPostRequestDecoder Allows Unbounded Memory Accumulation, which affects IBM watsonx.data
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the lzma.NewReader or lzma.ReaderConfig.NewReader functions when decoding a corrupted multiple LZMA archive. An attacker can cause excessive memory consumption by providing a...
Exploit for Out-of-bounds Write in Apple Macos
CVE-2025-31200: CoreAudio APAC Channel Remapping Buffer Overfl...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2025:02990-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02990-1 advisory. - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder libavcodec/alsdec.c bsc1246790...
Security update for ffmpeg
This update for ffmpeg fixes the following issues: CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder libavcodec/alsdec.c bsc1246790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:02990-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder libavcodec/alsdec.c bsc1246790...
Linux Distros Unpatched Vulnerability : CVE-2025-2357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. Th...
Linux Distros Unpatched Vulnerability : CVE-2024-36617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. CVE-2024-36617 Note that Nessus relies on the presence of the package as reported...
Linux Distros Unpatched Vulnerability : CVE-2024-1580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. W...
Linux Distros Unpatched Vulnerability : CVE-2021-21845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
Linux Distros Unpatched Vulnerability : CVE-2018-20194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack-based buffer underflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2...