6103 matches found
The vulnerability of the sec_pkcs7_decoder_start_decrypt() function in Mozilla Firefox and Thunderbird email client allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the sec_pkcs7_decoder_start_decrypt() function in Mozilla Firefox and the Thunderbird email client is related to the reallocation of memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...
OSV-2024-1417 Heap-buffer-overflow in cv::PngDecoder::read_from_io
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=386688710 Crash type: Heap-buffer-overflow READ 4 Crash state: cv::PngDecoder::read_from_io cv::PngDecoder::read_chunk cv::PngDecoder::readHeader...
PT-2026-21540
Name of the Vulnerable Software and Affected Versions: strukturag libde265 versions prior to commit d9fea9d. Description: A segmentation fault exists in strukturag libde265 due to an issue within the decoder_context::compute_framedrop_table component. This can lead to a program crash. Recommendation...
PT-2025-31051
Name of the Vulnerable Software and Affected Versions: ffmpeg, affected versions not specified. Description: A null pointer dereference issue exists in the FFmpeg ALS decoder, specifically within the libavcodec/alsdec.c file. This can lead to crashes or unexpected behavior when processing audio...
PT-2025-54268
Name of the Vulnerable Software and Affected Versions: cbor2 versions 3.0.0 through 5.7.0. Description: cbor2 is a library for encoding and decoding the Concise Binary Object Representation (CBOR) serialization format. A flaw exists where, when a CBORDecoder instance is reused across multiple decode...
CLSA-2024-1735310784 Fix CVE(s): CVE-2024-11233
SECURITY UPDATE: Out-of-bounds read in quoted-printable decoder - debian/patches/CVE-2024-11233.patch: Fix buffer handling in convert.quoted-printable-decode filter to prevent one-byte out-of-bounds read - CVE-2024-11233...
Apache MINA Security Vulnerability
Apache MINA is a web application framework from the Apache USA Foundation. It is primarily used for developing high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.X, 2.1.X, and 2.2.X. The vulnerability stems from a lack of necessary...
PT-2024-9987
Name of the Vulnerable Software and Affected Versions: Apache MINA versions 2.0.X through 2.2.X. Description: The ObjectSerializationDecoder in Apache MINA lacks necessary security checks when processing incoming serialized data using Java’s native deserialization protocol. This allows attackers to...
OESA-2024-2577 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n6.1.1 has an...
OESA-2024-2576 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n7.0 is affected...
OESA-2024-2574 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n7.0 is affected...
OESA-2024-2578 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n6.1.1 has an...
Huawei HarmonyOS Image Decoder Module Read/Write Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the Huawei HarmonyOS image decoding module, which can be exploited by attackers to affect availability...
gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header
A flaw was found in the GStreamer library. A stack buffer overflow in the Opus decoder can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash...
gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
A flaw was found in the Vorbis decoder in the GStreamer library. Processing a specially crafted input file can cause a stack-based buffer overflow in the Vorbis decoder due to improper input validation, resulting in unexpected behavior or, most likely, an application crash...
gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service...