[SECURITY] [DSA 5109-1] faad2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5109-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2022 https://www.debian.org/security/faq -...

[SECURITY] Fedora 36 Update: python-ujson-5.1.0-1.fc36

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

Infinite loop in Pillow

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder. If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file...

CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

Out-of-bounds

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

Out-of-bounds

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

ffjpeg 代码问题漏洞

ffjpeg is a JPEG encoder/decoder. ffjpeg suffers from a null pointer dereference vulnerability, for which no detailed vulnerability details are currently available...

CVE-2022-20048

CVE-2022-20048 affects MediaTek video decoder with a missing bounds check causing an out-of-bounds write and local privilege escalation without user interaction. MTK’s advisory (ALPS05917502) notes the patch, and other sources (NVD, Red Hat, CNVD, CVE listings) corroborate the description. The av...

CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

CVE-2022-20047

CVE-2022-20047 affects MediaTek video decoder with a missing bounds check leading to an out-of-bounds write and local privilege escalation without user interaction. The issue is documented with patch ALPS05917489 (Issue ID: ALPS05917489). Connected sources also corroborate the vulnerability as a ...

CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

ASB-A-213116796

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-213120685

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...