95 matches found

OSV
added 2024/11/12 12:00 a.m. · 10 views

ALSA-2024:9456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 · AI score 8.1 · EPSS 0.00298
Exploits: 0 · References: 4
OSV
added 2024/07/01 7:15 p.m. · 2 views

AZL-43103 CVE-2024-37298 affecting package libcontainers-common for versions less than 20240213-2

gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

CVSS 7.5 · AI score 6.5 · EPSS 0.00267
Exploits: 0 · References: 1
OSV
added 2024/04/17 11:15 p.m. · 5 views

CVE-2023-4233

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS...

CVSS 8.1 · AI score 8.1
Exploits: 0 · References: 3
CNNVD
added 2024/04/17 12:00 a.m. · 1 view

oFono security vulnerability

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono versions prior to 2.1, which stems from a stack overflow error triggered by the sms_decode_address_field function during SMS PDU decoding...

CVSS 8.1 · AI score 7.9 · EPSS 0.00169
Exploits: 0 · References: 3
NVD
added 2024/04/02 3:15 a.m. · 7 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVSS 7.8 · AI score 6 · EPSS 0.00083
Exploits: 0 · References: 1
CVE
added 2024/04/01 3:06 p.m. · 71 views

CVE-2024-21454

Vulnerability CVE-2024-21454 affects Automotive Telematics and is described as a transient Denial of Service during decoding of the ToBeSignedMessage. The CVE record notes an underlying issue described as an Integer Overflow to Buffer Overflow in Automotive Telematics. The CVSS score is 7.5 (HIGH...

CVSS 7.5 · AI score 7.5 · EPSS 0.00123
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2024/01/17 12:00 a.m. · 1 view

The vulnerability of the decoding method used by the Avalanche mobile device management system allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the decoding method used by the Avalanche mobile device management system lies in writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

CVSS 6.5 · AI score 7 · EPSS 0.00928
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2023/12/28 12:00 a.m. · 1 view

msgpacker security vulnerability

msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...

CVSS 6.8 · AI score 6.7 · EPSS 0.00456
Exploits: 0 · References: 4
Snyk
added 2023/10/10 10:23 p.m. · 1 view

Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Overview: Affected versions of this package are vulnerable to Improper Release of Memory Before Removing Last Reference ('Memory Leak') in the QUIC transport parameters when multiple instances are present or multiple calls to the decode happen. An attacker can cause a denial of service when the MsQu...

CVSS 7.5 · AI score 6.8 · EPSS 0.02347
Exploits: 0 · References: 2
CNNVD
added 2023/08/02 12:00 a.m. · 3 views

Google Golang Security Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 6.5 · AI score 6.7 · EPSS 0.00257
Exploits: 0 · References: 9
SUSE CVE
added 2023/02/15 5:01 a.m. · 2 views

SUSE CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 · AI score 6.1 · EPSS 0.00493
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 4:57 a.m. · 2 views

SUSE CVE-2016-7785

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file...

CVSS 5.5 · AI score 8.3 · EPSS 0.00276
Exploits: 0 · References: 3
OSV
added 2022/11/24 4:55 p.m. · 0 views

USN-5742-1 jbigkit vulnerability

It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service...

CVSS 6.5 · AI score 6.9 · EPSS 0.00873
Exploits: 1 · References: 2
Positive Technologies
added 2022/01/21 12:00 a.m. · 2 views

PT-2022-28161 · Unknown · Petero.Cbor

Name of the Vulnerable Software and Affected Versions: PeterO.Cbor versions 4.0.0 through 4.5.0. Description: The issue is a denial of service vulnerability that can be triggered by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of...

CVSS 7.5 · AI score 7.3 · EPSS 0.0047
Exploits: 0 · References: 16
CNNVD
added 2021/08/16 12:00 a.m. · 1 view

GPAC input validation error vulnerability

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS 8.8 · AI score 6 · EPSS 0.00528
Exploits: 1 · References: 6
CNNVD
added 2021/08/16 12:00 a.m. · 1 view

GPAC Project Advanced Content buffer error vulnerability

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS 8.8 · AI score 6 · EPSS 0.0025
Exploits: 1 · References: 6
CNNVD
added 2021/08/16 12:00 a.m. · 1 view

GPAC Project Advanced Content buffer error vulnerability

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS 8.8 · AI score 6 · EPSS 0.00418
Exploits: 1 · References: 6
OSV
added 2021/03/23 6:15 p.m. · 23 views

CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ANSI C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...

CVSS 7.1 · AI score 6.5
Exploits: 0 · References: 4
exploitpack
added 2018/08/01 12:00 a.m. · 13 views

WebRTC - VP8 Block Decoding Use-After-Free

There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc 0x0000014cde2f bp...

AI score 7.4
Exploits: 0
UbuntuCve
added 2018/02/15 9:29 p.m. · 30 views

CVE-2018-7173

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding...

CVSS 5.5 · AI score 6 · EPSS 0.00148
Exploits: 0 · References: 2