ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. ok-file-formats 203defd suffers from a buffer error vulnerability that allows an attacker to trigger a buffer overflow via the function okpngtransformscanline in /okpng.c:494...

Debian: Security Advisory (DLA-2929-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

Infinite loop

Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when...

Flare-Qdb - Command-line And Python Debugger For Instrumenting And Modifying Native Software Behavior On Windows And Linux

flare-qdb is a command-line and scriptable Python-based tool for evaluating and manipulating native program state. It uses Vivisect to set a breakpoint on each queried instruction and executes Python code when hit. flare-qdb frees the analyst to take a nonlinear approach to dynamic analysis that...

ffjpeg Denial of Service Vulnerability (CNVD-2022-12798)

ffjpeg is a JPEG encoder/decoder by the individual developer Kai Chen in China. A rejection vulnerability exists in ffjpeg, which originates when the size information in the metadata of a bmp is out of range, it returns without allocating a memory buffer to pb-pdata and without exiting the progra...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVE-2018-14645

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service. Mitigation HTTP/2 support is disabled by default on OpenShift Container Platform 3.11. To mitigate this...

UBUNTU-CVE-2021-40563

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmxcreateavcdecoderconfig function in reframenalu.c when using mp4box, which causes a denial of service...

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. A denial of service vulnerability exists in versions of GPAC prior to 1.0.1. The vulnerability stems from a segmentation error in the naludmxcreateavcdecoderconfig function in reframenalu.c caused by null pointer dereference. An attacker could exploit...

CVE-2021-40417

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer...

CVE-2021-0674

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237...

CVE-2021-0674

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237...

Out-of-bounds

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237...

CVE-2021-0674

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237...

CVE-2021-0674

CVE-2021-0674 affects the ALAC (ALAC decoder) used in MediaTek and related chipsets. The issue is an out-of-bounds read caused by an incorrect bounds check in the ALAC decoder, leading to local information disclosure without user interaction. Affected state: local access, no privileges required. ...