DEBIAN-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

UBUNTU-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

Design/Logic Flaw

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

Updated librsvg packages fix security vulnerability

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...

PT-2023-5554 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC versions through 2.2.1 Description: The issue is related to the incorrect use of dynamic memory in the gf bifs flush command list function of the GPAC multimedia platform. This can lead to a denial of service when exploited. The...

Fedora 38 : pypy (2023-c43a940a93)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c43a940a93 advisory. Security fix for CVE-2022-45061 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2023-2238 (ALAS-2023-2238)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1377.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2238 advisory. A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fa...

PT-2023-8456 · FFmpeg · Ffmpeg

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 6.1 Description: The issue is related to an integer overflow vulnerability in the JPEG XL decoder of the FFmpeg multimedia library. This vulnerability can be exploited by a remote attacker to execute arbitrary code...

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-4694)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes cluster...

PT-2023-8455 · FFmpeg · Ffmpeg

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 6.1 Description: The issue is related to an integer overflow vulnerability in the jpegxl anim read packet function of the JPEG XL Animation decoder in the FFmpeg multimedia library. This vulnerability can be exploited...

OESA-2023-1582 librsvg2 security update

An SVG library based on cairo. Security Fixes: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by...

Debian: Security Advisory (DSA-5484-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5484-1 : librsvg - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5484 advisory. Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files whe...

Faad2 Buffer Error Vulnerability

Faad2 is a freeware Advanced Audio Aac decoder. It is used for Sbr decoding. A security vulnerability exists in Faad2 version v.2.10.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code and cause a denial of service...

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2023-289)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-289 advisory. Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lea...

Amazon Linux 2 : nerdctl (ALAS-2023-2193)

The version of nerdctl installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2193 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

Amazon Linux 2 : cni-plugins (ALAS-2023-2192)

The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2192 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...

Amazon Linux 2 : cri-tools (ALAS-2023-2194)

The version of cri-tools installed on the remote host is prior to 1.26.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2194 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

Medium: poppler

Issue Overview: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the...

SUSE: Security Advisory (SUSE-SU-2023:3235-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...