3142 matches found

BDU FSTEC
added 2024/02/28 12:0 a.m. · 4 views

The vulnerability of the `put_qpel_fallback<unsigned short>` function (implemented in fallback-motion.cc) of the h.265 Libde265 codec allows a perpetrator to trigger a service failure.

The vulnerability of the put_qpel_fallback function implemented in fallback-motion.cc of the h.265 Libde265 codec is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 7 · EPSS 0.00844
Exploits: 2 · References: 8 · Affected Software: 6

BDU FSTEC
added 2024/02/28 12:0 a.m. · 4 views

The vulnerability of the `put_epel_hv_fallback<unsigned short>` function (implemented in fallback-motion.cc) of the h.265 Libde265 codec allows an attacker to trigger a service failure.

The vulnerability of the put_epel_hv_fallback function implemented in fallback-motion.cc of the h.265 Libde265 codec is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created file...

CVSS 7.8 · AI score 6.8 · EPSS 0.00844
Exploits: 1 · References: 7 · Affected Software: 5

BDU FSTEC
added 2024/02/28 12:0 a.m. · 6 views

The vulnerability of the `apply_sao_internal<unsigned short>` function (sao.cc) in the h.265 Libde265 codec implementation allows an attacker to cause a service failure.

The vulnerability of the apply_sao_internal function in sao.cc in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 7.1 · EPSS 0.00844
Exploits: 1 · References: 7 · Affected Software: 5

IBM Security Bulletins
added 2024/02/27 4:16 p.m. · 40 views

Security Bulletin: Netty-codec-http2 is vulnerable to CVE-2023-44487 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2 which is vulnerable to CVE-2023-44487. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of...

CVSS 7.5 · AI score 7.7 · EPSS 0.99999
Exploits: 19 · Affected Software: 1

Ubuntu
added 2024/02/26 6:50 p.m. · 34 views

USN-6659-1: libde265 vulnerabilities

It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-43244, CVE-2022-43249, CVE-2022-43250,...

CVSS 7.8 · AI score 7 · EPSS 0.00844
Exploits: 13

IBM Security Bulletins
added 2024/02/23 6:37 p.m. · 16 views

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary: There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...

CVSS 9.1 · AI score 9.8 · EPSS 0.76451
Exploits: 3 · Affected Software: 1

IBM Security Bulletins
added 2024/02/21 9:52 a.m. · 9 views

Security Bulletin: Due to the use of Apache Commons Codec, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to an information exposure.

Summary: There is a vulnerability in Apache Commons Codec library which is shipped as part of IBM CICS Transaction Gateway for Multiplatforms. An update to IBM CICS Transaction Gateway for Multiplatforms has been released to address the vulnerability. Vulnerability Details: IBM X-Force ID: 177835...

AI score 6.5
Exploits: 0 · Affected Software: 1

Amazon
added 2024/02/19 12:0 a.m. · 21 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970 NOTE: Fixed by:...

CVSS 8.8 · AI score 8.4 · EPSS 0.01559
Exploits: 0

Amazon
added 2024/02/19 12:0 a.m. · 2 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970 NOTE: Fixed by:...

CVSS 8.8 · AI score 7.5 · EPSS 0.01559
Exploits: 0

CNNVD
added 2024/02/19 12:0 a.m. · 3 views

dav1d Input Validation Error Vulnerability

dav1d is an AV1 cross-platform decoder from the individual developers at Void². A security vulnerability exists in dav1d versions prior to 1.4.0, which stems from an integer overflow vulnerability in the AV1 decoder...

CVSS 8.8 · AI score 7 · EPSS 0.01835
Exploits: 0 · References: 18

Tenable Nessus
added 2024/02/19 12:0 a.m. · 29 views

Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2024-2454)

The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2454 advisory. GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE:...

CVSS 8.8 · AI score 7.9 · EPSS 0.01559
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/15 12:0 a.m. · 3 views

PT-2024-19372

Name of the Vulnerable Software and Affected Versions: Mathieu Malaterre Grassroot DICOM version 3.0.23 Description: An out-of-bounds write issue exists in the JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can...

CVSS 9.8 · AI score 6.9 · EPSS 0.01474
Exploits: 1 · References: 30

Ubuntu
added 2024/02/08 1:48 p.m. · 77 views

USN-6627-1: libde265 vulnerabilities

It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241,...

CVSS 9.8 · AI score 7.1 · EPSS 0.0202
Exploits: 18

Tenable Nessus
added 2024/02/03 12:0 a.m. · 38 views

GLSA-202402-04 : GNAT Ada Suite: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202402-04 GNAT Ada Suite: Remote Code Execution - In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 Note that Nessus has not tested for this...

CVSS 9.8 · AI score 7.3 · EPSS 0.08235
Exploits: 0 · References: 3

Ubuntu
added 2024/01/30 2:17 p.m. · 42 views

USN-6617-1: libde265 vulnerabilities

It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and...

CVSS 8.8 · AI score 7.1 · EPSS 0.01687
Exploits: 14

Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-6079 · Gstreamer +5

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.22.9 Description: This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of tile list data within AV1-encoded video files...

CVSS 8.8 · AI score 7.6 · EPSS 0.01565
Exploits: 0 · References: 53

Tenable Nessus
added 2024/01/16 12:0 a.m. · 30 views

EulerOS Virtualization 2.10.1 : nghttp2 (EulerOS-SA-2023-3506)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...

CVSS 7.5 · AI score 8 · EPSS 0.01106
Exploits: 0 · References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m. · 43 views

EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2023-3346)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...

CVSS 7.5 · AI score 7.3 · EPSS 0.99999
Exploits: 19 · References: 3

IBM Security Bulletins
added 2024/01/15 7:23 a.m. · 16 views

Security Bulletin: Security vulnerability in apache commons-codec may affect IBM Business Automation Workflow Case and Case History event emitters

Summary: IBM Business Automation Workflow is vulnerable to an information leakage vulnerability. Vulnerability Details: IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker cou...

AI score 6.5
Exploits: 0 · Affected Software: 1

BDU FSTEC
added 2024/01/15 12:0 a.m. · 4 views

The vulnerability of the ExtendedDocumentCodec class in the industrial automation software suite Inductive Automation Ignition allows a perpetrator to execute arbitrary code.

The vulnerability of the ExtendedDocumentCodec class in Inductive Automation Ignition software relates to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 · AI score 8.1 · EPSS 0.54899
Exploits: 0 · References: 4 · Affected Software: 1