23 matches found
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...
SUSE-SU-2026:2744-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issue - CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401...
CVE-2026-9263
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-9263 Out-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packets
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-9263
The CVE-2026-9263 issue affects Zephyr’s ISO Adaptation Layer (ISOAL) in the Bluetooth controller. The root cause is that framed ISO PDU start segments (sc=0) with len len - 3 to underflow when len is 0–2. This produced an oversized length (up to 253–255) that was passed to isoal_rx_append_to_sdu...
DEBIAN-CVE-2026-52719
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-52719
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-52719
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-52719 Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-52719 Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-52719
GStreamer: out-of-bounds read in the VA JPEG decoder of gst-plugins-bad (CVE-2026-52719). The JPEG parser reads a segment length without validating against available data, enabling a remote attacker to craft a JPEG that, when opened by a user, may cause parsing to read beyond the input buffer, po...
UBUNTU-CVE-2026-46119
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt7601u: Fix an integer underflow An integer underflow caused by a null pointer dereference occurred in mt7601urxskbfromseg. The variable dmalen in the URB packet could be manipulated, which could trigger an integer underfl...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011039)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011039 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer...
UBUNTU-CVE-2023-53679
In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...
CVE-2023-53679
CVE-2023-53679 pertains to the Linux kernel Bluetooth/WiFi stack, specifically the mt7601u driver in the wifi subsystem. The issue is an integer underflow in the URB handling path that can allow a null pointer dereference when processing RX segments. The root cause is a manipulated dma_len in the...
EUVD-2025-32740
In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...
CVE-2023-53679 wifi: mt7601u: fix an integer underflow
In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...
PT-2025-41123
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0+ Description An integer underflow issue exists in the Linux kernel's mt7601u driver, specifically within the 'mt7601u rx skb from seg' function. This underflow can occur due to manipulation of the dma len...
kernel: wifi: mt7601u: fix an integer underflow
In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...