4671 matches found
GPAC Project Advanced Content buffer error vulnerability
A security vulnerability exists in GPAC Project Advanced Content, an open source multimedia framework, which stems from multiple exploitable integer overflow vulnerabilities in the MPEG-4 decoding functionality of Advanced Content. A specially crafted MPEG-4 file input could cause an integer...
GPAC security vulnerability
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...
PT-2021-6554 · Gpac · Gpac Project On Advanced Content Library
Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1 Description: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality. The stri box read function is used when processing atoms using the 'stri'...
OESA-2021-1303 libass security update
libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format. It is mostly compatible with VSFilter. Security Fixes: libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the...
php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being...
OESA-2021-1286 libexif security update
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fixes: An issue was discovered in libexif before 0.6.22. Use of uninitialized memor...
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
...
CVE-2021-36980
Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...
DEBIAN-CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...
AZL-6781 CVE-2021-36980 affecting package openvswitch for versions less than 2.17.0-1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...
UBUNTU-CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...
CVE-2021-36980
CVE-2021-36980 affects Open vSwitch (openvswitch) versions 2.11.0 through 2.15.0, with a use-after-free in decode_NXAST_RAW_ENCAP during decoding of RAW_ENCAP actions. Affected components: Open vSwitch core handling of OPENFLOW NXT actions (decode of RAW_ENCAP). Reported impact in advisories indi...
libsndfile buffer error vulnerability
libsndfile is a C library for reading and writing sound files containing sampled audio data. A security vulnerability exists in libsndfile 1.0.30, which stems from a heap buffer overflow vulnerability in the msadpcm decoding block that allows an attacker to execute arbitrary code via a crafted WAV...
Open vSwitch resource management error vulnerability
Open vSwitch is an open source virtual switch. A resource management error vulnerability exists in Open vSwitch a.k.a. openvswitch versions 2.11.0 through 2.15.0, which stems from the fact that in decode_NXAST_RAW_ENCAP invoked from ofpact_decode and ofpacts_decode there is during decoding the RAWENCA...
ok-file-formats buffer error vulnerability
ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. A security vulnerability exists in ok-file-formats, which stems from a vulnerability that allows an attacker to cause a denial of service (DoS) via a crafted JPEG file...
CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
CVE-2021-24119
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
DEBIAN-CVE-2021-24119
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
DEBIAN-CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
User Enumeration
Overview Affected versions of this package are vulnerable to User Enumeration. In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attac...