3142 matches found
libvpx: Integer overflow in vpx_img_alloc()
A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of valu...
OSV-2024-1313 Security exception in org.apache.commons.codec.language.bm.Rule$Phoneme.<init>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379008019 Crash type: Security exception Crash state: org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.PhoneticEngine$PhonemeBuilder.app...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
freerdp: integer underflow in nsc_rle_decode
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not...
kernel: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL The Linux kernel CVE team has assigned CVE-2023-52697 to this issue. Upstream advisory:...
kernel: i2c: lpi2c: Avoid calling clk_get_rate during transfer
A vulnerability was found in the lpi2c driver in the Linux kernel's i2c subsystem, where the clk_get_rate function is called during data transfers, which can lead to a deadlock situation when an audio codec attempts to access the i2c bus while holding the clock mutex, resulting in a denial of servi...
media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
...
media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
...
Google Pixel security vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from incorrect bounds checking in mmGetMobileIdIndexForNsUpdate in mmGmmPduCodec.c, which can be exploited by an attacker to cause an out-of-bounds write...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7
Summary: cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2, libxml2, Apache Standard Taglibs, Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...
Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NRW...
PT-2024-38756 · Nikon · Nikon Nef Codec
Name of the Vulnerable Software and Affected Versions: Nikon NEF Codec affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this issue, where the target must...
DEBIAN-CVE-2024-47753
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdecvp8reqif.c. Which leads to a kernel crash when fb is NULL...
UBUNTU-CVE-2024-47752
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdech264reqif.c. Which leads to a kernel crash when fb is NULL...
UBUNTU-CVE-2024-47753
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdecvp8reqif.c. Which leads to a kernel crash when fb is NULL...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a smatch warning in the H264 multi-state stateless decoder by the mediatek vcodec driver...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a smatch warning for the H264 stateless decoder in the media:mediatek:vcodec subsystem...
Malicious code in eventstream-codec (npm)
MAL-2024-9602 Malicious code in eventstream-codec (npm)
PT-2025-28385 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to 15 Description: The issue concerns an out-of-bounds write in the handling of macro blocks for the MPEG4 codec in the libsavsvc.so library. This allows local attackers to write out-of-bounds memory. Recommendations: F...