PT-2025-53699

Name of the Vulnerable Software and Affected Versions Open5GS versions through 2.7.5 Description A flaw exists in Open5GS affecting the decode ipv6 header/ogs pfcp pdr rule find by packet function within the lib/pfcp/rule-match.c file of the PFCP Session Establishment Request Handler component...

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-21488

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from not properly handling padding bits when decoding RTP packet headers, which could lead to information disclosure...

CVE-2025-21008

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which originates from an out-of-bounds read when decoding a frame header, which may result ...

SUSE CVE-2004-1036

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

USN-4009-2 php5 vulnerabilities

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...

CVE-2016-7555

The avireadheader function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure...

Lhasa Integer Overflow Vulnerability

Lhasa is a freeware alternative to the LHA compression program for Unix, developed by software developer Simon Howard. The program is capable of decompressing .lzh and .lzs files. An integer overflow vulnerability exists in the 'decodelevel3header' function in Lhasa's lib\lhafileheader.c file,...

DEBIAN-CVE-2011-3944

The smackerdecodeheadertree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data...

security flaw

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

squirrelmail -- cross site scripting vulnerability

A SquirrelMail Security Notice reports: There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings...