630 matches found
CVE-2020-36332
CVE-2020-36332 affects the libwebp library (versions before 1.0.1). The issue is an excessive memory allocation when reading a file, as described across multiple connected advisories (e.g., AlmaLinux, Debian DSA, CNVD). Impact is primarily availability-related (denial of service potential). Affec...
CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability...
CVE-2020-36331
CVE-2020-36331 affects libwebp prior to 1.0.1, with an out-of-bounds read in the ChunkAssignData path (mux/muxinternal.c). The vulnerability impacts data confidentiality and availability. Public documents confirm the root cause as out-of-bounds read in the specified function, and multiple advisor...
CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...
CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability...
CVE-2020-36330
CVE-2020-36330 describes an out-of-bounds read in libwebp prior to version 1.0.1, triggered in the ChunkVerifyAndAssign function. The documented impact is data confidentiality loss and reduced availability. Public references in the connected documents corroborate the flaw in libwebp and align wit...
libwebp buffer error vulnerability
Libwebp is a WebP image format encoding and decoding library. A security vulnerability exists in versions of Libwebp prior to 1.0.1. An attacker could exploit the vulnerability to threaten data confidentiality and service availability...
libwebp buffer error vulnerability
Libwebp is a WebP image format encoding and decoding library. Libwebp versions prior to 1.0.1 are fully vulnerable. An attacker can exploit the vulnerability to threaten data confidentiality and service availability...
Denial Of Service (DoS)
unbound is vulnerable to denial of service. According to the original report, there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate. Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. A...
unbound: integer overflow in the regional allocator via regional_alloc
A flaw was found in unbound. An integer overflow in the regional_alloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as servi...
unbound: assertion failure and denial of service in synth_cname
A flaw was found in unbound. A reachable assertion in the synth_cname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in the dname_pkt_copy function. The highest threat from this vulnerability...
unbound: infinite loop via a compressed name in dname_pkt_copy
A flaw was found in unbound. An infinite loop in the dname_pkt_copy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability...
unbound: integer overflow in a size calculation in respip/respip.c
A flaw was found in unbound. An integer overflow in the ub_packed_rrset_key function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...
unbound: out-of-bounds write in sldns_bget_token_par
A flaw was found in unbound. An out-of-bounds write in the sldns_bget_token_par function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...
unbound: assertion failure via a compressed name in dname_pkt_copy
A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability...
spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw allows an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highes...
jetty: Resource exhaustion when receiving an invalid large TLS frame
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resource utilization. The highest threat from this vulnerability is to service availability...