PT-2021-5451 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-9 through Android-12 Description: The issue is related to a heap buffer overflow in the C2SoftMP3::process function of C2SoftMp3Dec.cpp, which could lead to remote information disclosure without requiring additional...

libheif Denial of Service Vulnerability (CNVD-2022-06517)

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.4.0 suffers from a denial-of-service vulnerability. The vulnerability stems from a floating-point exception in the Fraction function. An attacker could exploit this vulnerability to cause a denial of servi...

DEBIAN-CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...

UBUNTU-CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. A security vulnerability exists in ok-file-formats which allows attackers to cause a denial of service DOS via a crafted jpeg file...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. A security vulnerability exists in ok-file-formats, which stems from a vulnerability that allows an attacker to cause a denial of service DOS via a crafted jpeg file...

Weak password vulnerability in NVMS-1000 of Shenzhen Tongwei Digital Technology Co.

NVMS-1000 is a video surveillance management software launched by Shenzhen Tongwei Digital Technology Co., Ltd, which can be used with DVR, NVR, IPC, DVS, decoder and so on. Shenzhen Tongwei Digital Technology Co., Ltd NVMS-1000 suffers from a weak password vulnerability, which can be exploited b...

CVE-2021-0558

In fillMainDataBuf of pvmp3framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Andro...

Apple iOS < 12.5.4 Multiple Vulnerabilities (HT212548)

Binary data appleios1254check.nbin...

[SECURITY] Fedora 34 Update: aom-3.1.1-1.fc34

The Alliance for Open Media=EF=BF=BD=EF=BF=BD=EF=BF=BDs focus is to deliver a next-generation video format that is: - Interoperable and open; - Optimized for the Internet; - Scalable to any modern device at any bandwidth; - Designed with a low computational footprint and optimized for hardware; -...

MGASA-2021-0249 Updated jasper packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...

Updated jasper packages fix security vulnerabilities

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened CVE-2021-3443. A NULL pointer dereference fl...

CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

Apple tvOS 缓冲区错误漏洞

Apple tvOS is a smart TV operating system from Apple, Inc. tvOS suffers from a buffer error vulnerability that stems from a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker exploiting this vulnerability could trick a victim into visiting a specially designed...

PT-2021-18836 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 14.6 Apple iPadOS versions prior to 14.6 Apple tvOS versions prior to 14.6 Apple macOS versions prior to 11.4 Apple watchOS versions prior to 7.5 Apple macOS Mojave versions prior to Security Update 2021-004 Apple...

GHSA-FPHQ-GW9M-GHRV CHECK-fail in `CTCGreedyDecoder`

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder: python import tensorflow as tf inputs = tf.constant, shape=18, 2, 0, dtype=tf.float32 sequencelength = tf.constant-100, 17, shape=2, dtype=tf.int32 mergerepeated = False...

RUSTSEC-2021-0068 Soundness issue in `iced-x86` versions <= 1.10.3

Versions of iced-x86...

Soundness issue in `iced-x86` versions <= 1.10.3

Versions of iced-x86...

GHSA-5RCV-M4M3-HFH7 golang.org/x/text Infinite loop

Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...