6242 matches found

Snyk
added 2023/10/21 12:50 a.m. · 1 view

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference. When the start_decoder function processes a specially crafted file, it may trigger a memory allocation failure. An attacker can cause a denial of service by exploiting this failure. This is because the function...

CVSS 5.5 · AI score 6.8 · EPSS 0.00022
Exploits: 0 · References: 2

OSV
added 2023/10/21 12:15 a.m. · 3 views

DEBIAN-CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

CVSS 7.8 · AI score 7.2 · EPSS 0.00122
Exploits: 0 · References: 1

OSV
added 2023/10/21 12:15 a.m. · 1 view

DEBIAN-CVE-2023-45680

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to...

CVSS 5.5 · AI score 5.5 · EPSS 0.00022
Exploits: 0 · References: 1

OSV
added 2023/10/21 12:15 a.m. · 2 views

UBUNTU-CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

CVSS 7.8 · AI score 6 · EPSS 0.00122
Exploits: 0 · References: 7

OSV
added 2023/10/21 12:15 a.m. · 0 views

UBUNTU-CVE-2023-45679

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left initialized and later setup_free is called on these...

CVSS 7.8 · AI score 5.9 · EPSS 0.0005
Exploits: 0 · References: 7

CNNVD
added 2023/10/21 12:0 a.m. · 4 views

stb_vorbis Input Validation Error Vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a well-designed file that may trigger a memory write to the heap buffer allocated in "start_decoder"...

CVSS 7.8 · AI score 7 · EPSS 0.00049
Exploits: 0 · References: 3

CNNVD
added 2023/10/21 12:0 a.m. · 2 views

stb_vorbis Code Issue Vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a well-designed file that may trigger a memory allocation failure in "start_decoder"...

CVSS 5.5 · AI score 6.8 · EPSS 0.00022
Exploits: 0 · References: 5

CNNVD
added 2023/10/21 12:0 a.m. · 3 views

stb_vorbis buffer error vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a carefully crafted file that may trigger an out-of-bounds write in "f-vendorlen = char ;"...

CVSS 7.8 · AI score 7 · EPSS 0.00087
Exploits: 0 · References: 8

Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-29646 · Unknown +2 · Stb Vorbis +2

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to the processing of ogg vorbis files. A crafted file can cause a memory allocation failure in the start decoder function, leading to some pointers in f-comment list...

CVSS 7.8 · AI score 6.5 · EPSS 0.0005
Exploits: 0 · References: 30

Tenable Nessus
added 2023/10/20 12:0 a.m. · 66 views

Amazon Linux 2 : amazon-ssm-agent (ALAS-2023-2303)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1705.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2303 advisory. 2023-10-30: CVE-2023-29409 was added to this advisory. 2023-10-30: CVE-2023-3978 was added to this advisory...

CVSS 9.8 · AI score 7.4 · EPSS 0.00759
Exploits: 0 · References: 16

Tenable Nessus
added 2023/10/20 12:0 a.m. · 39 views

Ubuntu 16.04 ESM : Apache Tomcat 7 vulnerabilities (USN-4791-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4791-1 advisory. It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote...

CVSS 8.1 · AI score 7.6 · EPSS 0.40671
Exploits: 0 · References: 3

OpenVAS
added 2023/10/20 12:0 a.m. · 61 views

Squid DoS Vulnerability (GHSA-72c2-c3wm-8qxc, SQUID-2024:1)

Squid is prone to a denial of service (DoS) vulnerability in the HTTP Chunked Decoding. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.6 · AI score 7.9 · EPSS 0.03932
Exploits: 0 · References: 6

Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-29645

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of buffer write in the start decoder function. This occurs because the maximum value of...

CVSS 7.8 · AI score 7.1 · EPSS 0.00122
Exploits: 0 · References: 19

Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-29647 · Unknown +1 · Stb Vorbis +1

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to a memory allocation failure in the start decoder function when processing a crafted ogg vorbis file. This failure causes the function to return early, setting...

CVSS 7.8 · AI score 6.4 · EPSS 0.0005
Exploits: 0 · References: 24

CNNVD
added 2023/10/19 12:0 a.m. · 1 view

Squid security vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in versions prior to Squid 6.4, which stems from improper handling of the chunking...

CVSS 9.3 · AI score 6.7 · EPSS 0.09581
Exploits: 0 · References: 13

Positive Technologies
added 2023/10/19 12:0 a.m. · 1 view

PT-2023-7041

Name of the Vulnerable Software and Affected Versions: Squid affected versions not specified Description: The issue is related to the chunked decoder of the Squid proxy server, which is associated with the server's interpretation of fragmented syntax encoding. This can allow a remote attacker to...

CVSS 9.3 · AI score 6.5 · EPSS 0.38209
Exploits: 1 · References: 159

Tenable Nessus
added 2023/10/15 12:0 a.m. · 24 views

Fedora 38 : golang-x-image (2023-4d95d44e7b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d95d44e7b advisory. Update to 0.13.0. Security fix for CVE-2023-29408. Security fix for CVE-2023-29407. Security fix for CVE-2022-41727. Tenable has extracted the preceding...

CVSS 6.5 · AI score 6.7 · EPSS 0.00462
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/12 12:0 a.m. · 2 views

PT-2023-8819 · Squid +11 · Squid +12

Name of the Vulnerable Software and Affected Versions: Squid versions 3.5.27 through 6.7 Description: The issue is related to an uncontrolled recursion bug in the HTTP Chunked decoder, which can lead to a Denial of Service attack. A remote attacker can exploit this by sending a crafted, chunked,...

CVSS 9.3 · AI score 7.2 · EPSS 0.38209
Exploits: 1 · References: 124

Gentoo Linux
added 2023/10/08 12:0 a.m. · 23 views

dav1d: Denial of Service

Background: dav1d is an AV1 decoder. Description: In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash. Impact: Malformed frame data can result in a denial of service. Workaround: Users should avoid parsing untrusted video with dav1d. Resolution: All dav1d users...

CVSS 5.9 · AI score 6.9 · EPSS 0.00083
Exploits: 0

Tenable Nessus
added 2023/10/06 12:0 a.m. · 37 views

Amazon Linux AMI : containerd (ALAS-2023-1849)

The version of containerd installed on the remote host is prior to 1.4.13-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1849 advisory. http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). The HTTP/1 client does not fully validate the...

CVSS 7.5 · AI score 7 · EPSS 0.00344
Exploits: 0 · References: 8