11090 matches found
CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...
CVE-2026-32256
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...
CVE-2026-32256
CVE-2026-32256 affects the music-metadata library in the ASF parser path (parseExtensionObject in lib/asf/AsfParser.ts). Before version 11.12.3, if a sub-object inside the ASF Header Extension Object has objectSize = 0, the parser can enter an infinite loop, causing an application hang. Version 1...
CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an infinite loop in the attrloadrunsrange function when metadata is inconsistent. This vulnerability...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ATTRLIST attribute of zero size, potentially triggering an infinite loop and leading to a...
Linux Distros Unpatched Vulnerability : CVE-2025-71266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS...
GO-2026-4526 Infinite loop in github.com/antchfx/xpath
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop due to the logicalQuery.Select process. An attacker can cause excessive CPU consumption and denial of service by submitting specially crafted Boolean XPath expressions that always evaluate to true, such as "1=1" or "true"...
Infinite loop
Overview music-metadata is a Music metadata parser for Node.js, supporting virtual any audio and tag format. Affected versions of this package are vulnerable to Infinite loop through the parseExtensionObject process in the ASF parser when handling a sub-object with objectSize = 0. An attacker can...
music-metadata has an infinite loop vulnerability in ASF parser
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...
GHSA-V6C2-XWV6-8XF7 music-metadata has an infinite loop vulnerability in ASF parser
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
...
PT-2026-25979
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...