
5957 matches found

SUSE CVE
added 2025/07/03 11:40 p.m., 1 views

SUSE CVE-2018-20359

An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...

5.5 CVSS, 7.5 AI score, 0.00189 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2025/07/03 11:39 p.m., 1 views

SUSE CVE-2019-6956

An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. It is a buffer over-read in psmixphase in libfaad/psdec.c...

7.1 CVSS, 7.9 AI score, 0.00339 EPSS
Exploits: 1, References: 2

Snyk
added 2025/07/03 9:44 p.m., 1 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the scanruns function in the MMRDecoder component. An attacker can cause heap corruption or read sensitive memory by providing specially crafted input that causes the xr pointer to write or read outside the bound...

8.8 CVSS, 7 AI score, 0.00074 EPSS
Exploits: 0, References: 2

FreeBSD Advisory
added 2025/07/02 12:0 a.m., 3 views

FreeBSD-SA-25:06.xz

FreeBSD-SA-25:06.xz Security Advisory, The FreeBSD Project. Topic: Use-after-free in multi-threaded xz decoder. Category: contrib. Module: xz. Announced: 2025-07-02. Affects:...

8.7 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0

FreeBSD
added 2025/07/02 12:0 a.m., 7 views

FreeBSD -- Use-after-free in multi-threaded xz decoder

Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to a use-after-free condition on heap memory. Impact: An attacker may use a specifically crafted .xz file to cause the multi-threaded xz decoder to crash, or...

8.7 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0

Mageia
added 2025/06/27 5:44 a.m., 3 views

Updated gdk-pixbuf2.0 packages fix security vulnerability

It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure...

3.3 CVSS, 7.2 AI score, 0.00102 EPSS
Exploits: 0, References: 2

OSV
added 2025/06/27 5:44 a.m., 3 views

MGASA-2025-0198 Updated gdk-pixbuf2.0 packages fix security vulnerability

It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure...

3.3 CVSS, 6 AI score, 0.00102 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/06/27 12:0 a.m., 2 views

Oracle Linux 10 : xz (ELSA-2025-7524)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7524 advisory. - Fix: heap-use-after-free bug in threaded .xz decoder CVE-2025-31115 Tenable has extracted the preceding description block directly from the Oracle Linux...

8.7 CVSS, 6.7 AI score, 0.00041 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2025/06/25 12:21 a.m., 4 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5 CVSS, 7.4 AI score, 0.01187 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2025/06/25 12:16 a.m., 2 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5 CVSS, 7.4 AI score, 0.01187 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2025/06/25 12:16 a.m., 2 views

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

7.5 CVSS, 7.4 AI score, 0.02383 EPSS
Exploits: 0, References: 5

Packet Storm News
added 2025/06/25 12:0 a.m., 1 views

Samsung S24 MP3 Decoder Out-Of-Bounds Read

There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...

6.8 AI score
Exploits: 0

SUSE Linux
added 2025/06/24 12:3 p.m., 4 views

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47543: Fixed an out-of-bounds write in...

7.8 CVSS, 7.7 AI score, 0.01306 EPSS
Exploits: 0, References: 76

OSV
added 2025/06/24 12:3 p.m., 2 views

SUSE-SU-2025:00063-1 Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: - CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 - CVE-2024-47543: Fixed an out-of-bounds write in...

9.8 CVSS, 7.3 AI score, 0.01306 EPSS
Exploits: 0, References: 39

OSV
added 2025/06/24 12:16 a.m., 2 views

OSV-2025-486 Bad-cast to cv::PngDecoder from invalid vptr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=426783958 Crash type: Bad-cast Crash state: Bad-cast to cv::PngDecoder from invalid vptr cv::PngDecoder::readData cv::imdecode...

7 AI score
Exploits: 0, References: 1

SUSE CVE
added 2025/06/23 11:21 p.m., 1 views

SUSE CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

3.3 CVSS, 6.5 AI score, 0.00102 EPSS
Exploits: 0, References: 10

Debian
added 2025/06/23 12:8 p.m., 5 views

[SECURITY] [DLA 4225-1] gdk-pixbuf security update

Debian LTS Advisory DLA-4225-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 23, 2025 https://wiki.debian.org/LTS ...

3.3 CVSS, 3.6 AI score, 0.00102 EPSS
Exploits: 0

Debian
added 2025/06/22 6:11 p.m., 8 views

[SECURITY] [DSA 5946-1] gdk-pixbuf security update

Debian Security Advisory DSA-5946-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2025 https://www.debian.org/security/faq ...

3.3 CVSS, 6.8 AI score, 0.00102 EPSS
Exploits: 0

SUSE Linux
added 2025/06/20 3:35 p.m., 3 views

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c bsc1234414 CVE-2024-47539: Fixed OOB-write in converttos3341a bsc1234417 CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer bsc1234421 CVE-2024-47543: Fixe...

7.8 CVSS, 7.6 AI score, 0.01306 EPSS
Exploits: 1, References: 84

OSV
added 2025/06/20 9:48 a.m., 4 views

BIT-PYTHON-MIN-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

5.9 CVSS, 6.3 AI score, 0.00209 EPSS
Exploits: 0, References: 13