GHSA-CWQ5-8PVQ-J65J Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Summary Unbounded Memory Allocation all platforms A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. Affected code C++: - cpp/runtime/src/zserio/Array.h line 1029 — mrawArray.reservereadLength with uncheck...

Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Summary Unbounded Memory Allocation all platforms A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. Affected code C++: - cpp/runtime/src/zserio/Array.h line 1029 — mrawArray.reservereadLength with uncheck...

CVE-2020-11138

Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

CVE-2020-3686

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

PT-2024-10590 · Unknown · Libmpeg2Dec

Name of the Vulnerable Software and Affected Versions: libmpeg2dec affected versions not specified Description: The issue is related to a possible out-of-bounds OOB read in the impeg2d bit stream flush function of libmpeg2dec due to a missing bounds check. This could lead to a remote Denial of...

SUSE CVE-2023-2617

A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...

DEBIAN-CVE-2023-2617

A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...

CVE-2021-45861

There is an Assertion num = INTBIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277...

CVE-2020-3686

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

UBUNTU-CVE-2019-11505

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to...

CVE-2018-11278

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault...