6109 matches found
The vulnerability of the svg_probe function in the libavformat/img2dec.c file of the FFmpeg multimedia library, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the svg_probe function in the libavformat/img2dec.c file of the FFmpeg multimedia library relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using a specially created...
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...
RHEL 7 : rh-haproxy18-haproxy (RHSA-2019:0275)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0275 advisory. HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Security Fixes: haproxy: Mishandling of priority...
GHSA-7VM6-QWH5-9X44 loona-hpack Panic Vulnerability
Summary: loona-hpack suffers from the same vulnerability as the original hpack as documented in https://github.com/mlalic/hpack-rs/issues/11. Details: The original includes a very nice description of the problem, as well as an easy-enough fix for it. PoC: The original example pretty much still applie...
loona-hpack Panic Vulnerability
Summary: loona-hpack suffers from the same vulnerability as the original hpack as documented in https://github.com/mlalic/hpack-rs/issues/11. Details: The original includes a very nice description of the problem, as well as an easy-enough fix for it. PoC: The original example pretty much still applie...
CVE-2024-51502
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...
CVE-2024-51502 Panic Vulnerability in loona-hpack
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...
CVE-2024-51502
CVE-2024-51502 affects loona-hpack (Rust, built on io-uring) where the Decoder can be exploited by decoding untrusted input. The vulnerability is the same as in the original hpack and is mitigated by upgrading to loona release 0.4.3. Connected sources also reference a patched crate (hpack-patched...
loona security vulnerability
loona is an open source library from bearcove. A security vulnerability exists in loona version 0.4.2 and earlier. It stems from improper handling of an exceptional condition and exposes all users who attempt to decode untrusted input using the decoder to attack...
CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is...
CVE-2024-10573 Mpg123: buffer overflow when writing decoded pcm samples
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is...
UBUNTU-CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is...
The vulnerability of the HttpObjectDecoder decoder in the RESTEasy software framework allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the HttpObjectDecoder decoder in the RESTEasy software framework is related to the inconsistent interpretation of HTTP requests during the processing of ASCII-standard encoding symbols. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP...
CVE-2024-47754
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning. Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL...