677 matches found
PT-2025-7260 · Git +1 · Wavpack
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: get_word, unpack_samples, and...
OSV-2025-105 Heap-use-after-free in unpack_dsd_samples
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=395207094 Crash type: Heap-use-after-free READ 1 Crash state: unpack_dsd_samples unpack_samples_worker_thread unpack_samples_worker_thread...
PT-2025-7256 · Wavpack · Wavpack
Name of the Vulnerable Software and Affected Versions: Wavpack, affected versions not specified. Description: The issue is related to a crash caused by a use-of-uninitialized-value error. The crash occurs in the decimate_dsd_run function, which is called by WavpackUnpackSamples. This suggests a...
org.apache.cocoon:cocoon-apples-sample (=2.3.0), org.apache.cocoon:cocoon-dist-samples (=2.3.0) +8 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-forms-impl (=2.3.0)
org.apache.cocoon:cocoon-forms-impl MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cocoon:cocoon-forms-impl and may be impacted: - org.apache.cocoon:cocoon-apples-sample =2.3.0 - org.apache.cocoon:cocoon-dist-samples...
PT-2025-36281
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The insn_rw_emulate_bits function, used as a default handler for INSN_READ and INSN_WRITE instructions in the comedi subsystem, does not correctly handle multiple samples as indicated by...
MAL-2024-12129 Malicious code in aws-iot-samples-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379933a89a9078f046a3ed35489373ccc8c0e070cef4700bbd90d36f087d5569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: mpg123:1.32.9 security update
An update for the mpg123:1.32.9 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: mpg123:1.32.9 security update
The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...
Moderate: mpg123 security update
The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...
ALSA-2024:11193 Moderate: mpg123 security update
The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...
SUSE CVE-2024-47537
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And i...
SUSE CVE-2024-47597
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
DEBIAN-CVE-2024-47597
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
AZL-62384 CVE-2024-47597 affecting package gstreamer1 1.20.0-2
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
GStreamer Input Validation Error Vulnerability
GStreamer is an open source set of frameworks for processing streaming media. An input validation error vulnerability exists in GStreamer, which stems from an integer overflow during addition when samples_count is large enough...
GStreamer Buffer Error Vulnerability
GStreamer is an open source set of frameworks for processing streaming media. A buffer error vulnerability exists in GStreamer versions prior to 1.24.10, which stems from an out-of-bounds read detected in the qtdemux_parse_samples function in qtdemux.c. The vulnerability is caused by...
OpenEXR: Heap Overflow in Scanline Deep Data Parsing
A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...
Malicious code in @ciam-expressjs-vanilla-samples/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc28deadcf9235665f79c65d92ca7684f27361c14efa6bcd44ad82b40947b9df The OpenSSF Package Analysis project identified '@ciam-expressjs-vanilla-samples/shared' @ 1.0.1 npm as malicious. It is considered malicious...
Malicious code in nodejs-docs-samples-vision (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1cdc3327056c67e82939a16ed3db3bac39a19b9dbcadfe2aabfd9dbaa353635 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability
This vulnerability allows remote attackers to manipulate sample datasets on affected installations of ML.NET Samples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of ML.NET Samples. When installed from the...