CVE-2024-12243 Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVE-2024-12133 Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

CVE-2024-12133

CVE-2024-12133 affects libtasn1 and causes inefficient DER/SEQUENCE OF handling, enabling remote DoS via crafted certificates. Connected advisories confirm affected package libtasn1 and provide mitigations: update to patched libtasn1 versions (e.g., 4.19.x+/4.10.x+ as per distro advisories). If e...

CVE-2022-33259

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received...

CVE-2020-6112

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory...

CVE-2024-54107

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2024-54106

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2025-20890

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

CVE-2025-20889

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...

CVE-2025-20881

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

Important: gstreamer1-plugins-base

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, t...

PT-2025-4172 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds write in the decoding frame buffer in libsthmbc.so. This allows local attackers to execute arbitrary code with privilege. User...

PT-2025-4171 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds read in decoding a malformed bitstream for smp4vtd in libsthmbc.so. This allows local attackers to read arbitrary memory, with user...

PT-2025-4163 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is an out-of-bounds write in accessing a buffer that stores decoded video frames. This allows local attackers to execute arbitrary code with privilege, but user...

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

[SECURITY] Fedora 40 Update: SDL2_sound-2.0.4-1.fc40

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

caido 跨站脚本漏洞

caido is an open source application from Caido. Designed to help security professionals and enthusiasts audit Web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...