CLSA-2025-1738693764 squid: Fix of CVE-2024-25111

CVE-2024-25111: Fix uncontrolled recursion bug in HTTP Chunked decoder to prevent DoS attack...

The vulnerability of the CAF decoder in the FFmpeg multimedia library allows a hacker to induce a service failure.

The vulnerability of the CAF decoder in the FFmpeg multimedia library is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause a service failure...

[SECURITY] Fedora 41 Update: jpegxl-0.10.4-1.fc41

This package contains a reference implementation of JPEG XL encoder and decoder...

cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

...

Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)

Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...

PT-2025-5665 · Git +1 · Opencv

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an UNKNOWN READ crash type. The crash state involves several functions, including cv::PngDecoder::compose frame,...

CVE-2018-9383

In asn1berdecoder of asn1decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

BIT-PYTHON-MIN-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

PT-2025-1336 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: A possible out-of-bounds read in the asn1 ber decoder function in asn1 decoder.c could lead to local information disclosure with System execution privileges required. No user...

CVE-2024-56515

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio APE decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 CVSS score: 8.1, affects Samsung devices running Android versions 12, 13, a...

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixed an out-of-bounds write in converttos3341a...

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47543: Fixed an out-of-bounds write in...

OESA-2025-1017 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: In FFmpeg version n6.1....

SUSE SLES15 Security Update : gstreamer-plugins-base (SUSE-SU-2025:0054-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0054-1 advisory. - CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 - CVE-2024-47835: Fixed a...

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. boo1234449 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixe...

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...

PT-2025-5655 · Opencv · Opencv

Name of the Vulnerable Software and Affected Versions: OpenCV affected versions not specified Description: The issue is related to a heap buffer overflow read in the PngDecoder of OpenCV. The crash occurs in the cv::PngDecoder::readHeader function, which is called by cv::imdecode and cv::imdecode...