Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value due to the processing of specially crafted files that can lead to excessive memory usage in image decoders. This flaw can be exploited to deplete process memory, causing a denial of service an...

Sensitive Information in Resource Not Removed Before Reuse

Overview Affected versions of this package are vulnerable to Sensitive Information in Resource Not Removed Before Reuse due to a flaw in the JPEG and TGA decoders, when a specially crafted image file is passed to a software using ImageSharp. An attacker can potentially disclose sensitive...

OESA-2024-1407 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A...

Integer Overflow

Xpdf is vulnerable to an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc, allowing crafted PDF files or JBIG2 images to crash or execute arbitrary code...

USN-6728-1 squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-49288 Joshua Rogers discovered that Squ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Squid vulnerabilities (USN-6728-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-1 advisory. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to caus...

The vulnerability of the /libheif/exif.cc decoder and encoder for libheif files allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /libheif/exif.cc decoder and file format encoder in the libheif library is related to a segmentation error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the find_exif_tag() function in the HEIF file format decoder and encoder allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the findexiftag function in the HEIF file format decoder and encoder is related to a segmentation error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE SLES15 Security Update : squid (SUSE-SU-2024:1114-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1114-1 advisory. - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service...

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2024:1113-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1113-1 advisory. - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denia...

MGASA-2024-0111 Updated dav1d packages fix security vulnerability

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. CVE-2024-1580...

Updated dav1d packages fix security vulnerability

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. CVE-2024-1580...

libdav1d-sys affected by dav1d AV1 decoder integer overflow

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0...

GHSA-MC39-H54G-PVW6 libdav1d-sys affected by dav1d AV1 decoder integer overflow

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0...

HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

GHSA-W7HM-HMXV-PVHF HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...

DEBIAN-CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...

UBUNTU-CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...