4726 matches found

BDU FSTEC
added 2022/04/11 12:00 a.m. | 0 views

The vulnerability of the de265_image::available_zscan function in the H.265 Libde265 implementation allows an attacker to cause a service failure.

The vulnerability of the de265_image::available_zscan function in the H.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...

CVSS 7.1 | EPSS 0.00181
Exploits: 1 | References: 8 | Affected Software: 4
BDU FSTEC
added 2022/04/05 12:00 a.m. | 0 views

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s encoding function allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 9.3 | EPSS 0.00609
Exploits: 1 | References: 7 | Affected Software: 3
Veracode
added 2022/03/22 1:10 a.m. | 20 views

Denial Of Service (DoS)

GNOME gdk-pixbuf is vulnerable to denial of service. A heap buffer overflow occurs when decoding the LZW-compressed stream of image data in GIF files with an LZW minimum code size equal to 12, which causes an application crash...

CVSS 8.8 | AI score 2.1 | EPSS 0.00317
Exploits: 1 | References: 8 | Affected Software: 1
Prion
added 2022/03/16 1:15 a.m. | 13 views

Directory traversal

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...

CVSS 5 | AI score 6.2 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2022/03/16 12:55 a.m. | 18 views

CVE-2021-43957

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...

AI score 6.5 | EPSS 0.00182
Exploits: 0 | References: 2
Code423n4
added 2022/03/03 12:00 a.m. | 8 views

There is a possibility of Token transfer getting stuck when using Erc1155BatchMessage

Lines of code. Vulnerability details. Impact: In the event of user error while making the calldata for encodeTransferErc1155BatchMessage, where the size of the arrays of ids and amounts do not match, the message will get encoded due to no input validation, however the transfer will fail at the other...

AI score 6.9
Exploits: 0
NVD
added 2022/03/02 12:15 a.m. | 6 views

CVE-2022-25051

An Off-by-one Error occurs in cmr113decode of rtl433 21.12 when decoding a crafted file...

CVSS 5.5 | EPSS 0.00181
Exploits: 0 | References: 3
OSV
added 2022/03/02 12:15 a.m. | 14 views

CVE-2022-25051

An Off-by-one Error occurs in cmr113decode of rtl433 21.12 when decoding a crafted file...

CVSS 5.5 | AI score 6.7
Exploits: 0 | References: 3
Prion
added 2022/03/02 12:15 a.m. | 11 views

Code injection

An Off-by-one Error occurs in cmr113decode of rtl433 21.12 when decoding a crafted file...

CVSS 4.3 | AI score 5.4 | EPSS 0.00181
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/03/01 11:47 p.m. | 12 views

CVE-2022-25051

An Off-by-one Error occurs in cmr113decode of rtl433 21.12 when decoding a crafted file...

AI score 5.6 | EPSS 0.00181
Exploits: 0 | References: 3
ATTACKERKB
added 2022/02/28 9:15 a.m. | 3 views

CVE-2022-0150

The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting its base64-decoded value back in the page, leading to a Reflected Cross-Site Scripting issue...

CVSS 6.1 | AI score 6.3 | EPSS 0.0113
Exploits: 2 | References: 4
OSV
added 2022/02/09 11:28 p.m. | 0 views

GHSA-J3MJ-FHPQ-QQJJ Reachable Assertion in Tensorflow

Impact: When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows attackers to cause denial of service in TensorFlow...

CVSS 7.1 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 6
CNVD
added 2022/02/09 12:00 a.m. | 19 views

Google Tensorflow Resource Management Error Vulnerability (CNVD-2022-09858)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a resource management error vulnerability that can be exploited by an attacker to cause use-after-free behavior when decoding PNG images...

CVSS 7.6 | AI score 6.4 | EPSS 0.00252
Exploits: 1 | References: 1
CNNVD
added 2022/02/08 12:00 a.m. | 3 views

ffjpeg Buffer Error Vulnerability

ffjpeg is a JPEG encoder/decoder. ffjpeg suffers from a buffer overflow vulnerability that stems from a failure of the jfifdecode function in the product/src/jfif.c file to properly handle memory boundaries, which could be exploited by an attacker to cause a denial of service via a special jpeg...

CVSS 6.5 | AI score 6 | EPSS 0.00278
Exploits: 1 | References: 2
NVD
added 2022/02/04 11:15 p.m. | 11 views

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode(&decode) gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

CVSS 7.6 | EPSS 0.00252
Exploits: 1 | References: 3
Prion
added 2022/02/04 11:15 p.m. | 28 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

CVSS 4 | AI score 6.6 | EPSS 0.00509
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2022/02/04 11:15 p.m. | 0 views

PYSEC-2022-149

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode(..., &decode), the decode value contains allocated buffers which can only be freed by calling...

CVSS 6.5 | AI score 6.8 | EPSS 0.00656
Exploits: 1 | References: 3
OSV
added 2022/02/04 11:15 p.m. | 0 views

PYSEC-2022-128

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of service in TensorFlow...

CVSS 6.5 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 2
PyPA
added 2022/02/04 11:15 p.m. | 5 views

PYSEC-2022-79

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

CVSS 6.5 | AI score 6.9 | EPSS 0.00509
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2022/02/04 11:15 p.m. | 22 views

Design/Logic Flaw

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode(..., &decode), the decode value contains allocated buffers which can only be freed by calling...

CVSS 4 | AI score 6.7 | EPSS 0.00656
Exploits: 1 | References: 3 | Affected Software: 1