12 matches found
JLSEC-2026-647 It is possible to cause an use-after-free write in SANM decoding with a carefully crafted...
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
SUSE CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
SUSE CVE-2025-59733
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...
UBUNTU-CVE-2025-59728
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
CVE-2025-59732 Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...
CVE-2025-59731
OpenEXR/FFmpeg CVE-2025-59731 describes a vulnerability in DWAA/DWAB run-length decoding where the rle_raw_size is not checked when calculating output data. The decoder reads rle_raw_size, decompresses into td->rle_raw_data, and may access entries up to (td->xsize-1)*(td->ysize-1) + rle_...
EUVD-2025-32517
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-59728
CVE-2025-59728 is a FFmpeg memory-handling vulnerability: during dash manifest content path resolution, a heap-buffer-overflow write occurs when appending a trailing '/' in the MDASH resolve_content_path flow, potentially affecting multiple Ubuntu/SUSE advisories referencing FFmpeg. The issue is ...
PT-2025-40876
Name of the Vulnerable Software and Affected Versions Versions prior to 8.0 Description A heap-buffer-overflow can occur when decoding a frame for a SANM file ANIM v0 variant. Frames encoded with codec 48 can specify their resolution width x height, and a buffer is allocated based on this...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustio...
PT-2023-24731 · Keyfactor · Keyfactor Ejbca
Name of the Vulnerable Software and Affected Versions: Keyfactor EJBCA versions prior to 8.0.0 Description: The issue is related to an authentication problem in the RA web certificate distribution servlet, specifically at the "/ejbca/ra/cert" endpoint. This can lead to a partial denial of service...