3142 matches found

AlmaLinux
added 2023/09/11 12:0 a.m. | 32 views

Important: flac security update

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...

CVSS 7.8 | AI score 7.6 | EPSS 0.00749
Exploits: 1 | References: 4
OSV
added 2023/09/11 12:0 a.m. | 21 views

ALSA-2023:5048 Important: flac security update

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...

CVSS 7.8 | AI score 8.2 | EPSS 0.00749
Exploits: 1 | References: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 6 views

The vulnerability of the av1/av1_dx_iface.c component in the library that implements the AV1 codec of the Debian GNU/Linux operating system allows a perpetrator to trigger a service failure.

The vulnerability of the av1/av1_dx_iface.c component in the library that implements the AV1 codec in the Debian GNU/Linux operating system is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVSS 7.1 | AI score 6.7 | EPSS 0.01381
Exploits: 1 | References: 8 | Affected Software: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 3 views

The vulnerability of the aom_image.c component in the library, which implements the AV1 codec, in the Debian GNU/Linux operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the aom_image.c component in the library, which implements the AV1 codec, in the Debian GNU/Linux operating system is related to incorrect handling of hard links. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10 | AI score 8.1 | EPSS 0.0205
Exploits: 0 | References: 12 | Affected Software: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 3 views

The vulnerability of the rate Hist component in the rate_hist.c library, which implements the AV1 codec of the Debian GNU/Linux operating system, relates to the assignment of the null pointer. This allows an attacker to trigger a service failure.

The vulnerability of the rate Hist component in the rate_hist.c library, which implements the AV1 codec for the Debian GNU/Linux operating system, is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVSS 7.1 | AI score 6.7 | EPSS 0.01381
Exploits: 1 | References: 12 | Affected Software: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 4 views

The vulnerability of the aom_dsp/grain_table.c component in the library, which implements the AV1 codec of the Debian GNU/Linux operating system, allows a perpetrator to execute arbitrary code.

The vulnerability of the aom_dsp/grain_table.c component in the library, which implements the AV1 codec, in the Debian GNU/Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

CVSS 10 | AI score 8.1 | EPSS 0.01885
Exploits: 0 | References: 11 | Affected Software: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 3 views

The vulnerability in the stats/rate_hist.c component of the library, which implements the AV1 codec of the Debian GNU/Linux operating system, allows a hacker to execute arbitrary code.

The vulnerability in the stats/rate_hist.c component of the library, which implements the AV1 codec for the Debian GNU/Linux operating system, relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker, working remotely, to execute arbitrary co...

CVSS 9.3 | AI score 8.1 | EPSS 0.01648
Exploits: 1 | References: 11 | Affected Software: 4
BDU FSTEC
added 2023/09/07 12:0 a.m. | 6 views

The vulnerability of the partition_search.h component in the library, which implements the AV1 codec of the Debian GNU/Linux operating system, allows a hacker to execute arbitrary code.

The vulnerability of the partition_search.h component in the library that implements the AV1 codec in the Debian GNU/Linux operating system is due to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 9.3 | AI score 8.3 | EPSS 0.01648
Exploits: 1 | References: 10 | Affected Software: 4
IBM Security Bulletins
added 2023/09/06 5:51 p.m. | 34 views

Security Bulletin: Multiple vulnerabilities in commons-codec-1.10.jar affect IBM Application Performance Management products

Summary: There are multiple vulnerabilities in commons-codec-1.10.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details: IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attack...

AI score 6.8
Exploits: 0 | Affected Software: 1
VulnCheck KEV
added 2023/09/06 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2023-4863

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec...

CVSS 8.8 | AI score 7.2 | EPSS 0.99739
Exploits: 9 | References: 1
Debian
added 2023/09/05 10:37 p.m. | 36 views

[SECURITY] [DSA 5490-1] aom security update

Debian Security Advisory DSA-5490-1, https://www.debian.org/security/, Markus Koschany, September 06, 2023, https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 7.4 | EPSS 0.02216
Exploits: 4
IBM Security Bulletins
added 2023/09/05 12:27 p.m. | 17 views

Security Bulletin: Vulnerability found in commons-codec-1.5.jar which is shipped with IBM® Intelligent Operations Center (177835)

Summary: A vulnerability has been identified in commons-codec-1.5.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details: IBM X-Force...

AI score 6.6
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2023/09/04 12:0 a.m. | 3 views

The vulnerability in the `libfreerdp/codec/rfx.c` component of the RDP client FreeRDP, related to the occurrence of operations outside the buffer boundaries in memory, allows a hacker to trigger a service failure.

The vulnerability in the libfreerdp/codec/rfx.c component of the RDP client FreeRDP is related to the issue where operations are performed outside of the buffer boundaries in memory when processing parameters tile->quantIdxY, tile->quantIdxCb, and tile->quantIdxCr. Exploiting this vulnerability can...

CVSS 5.3 | AI score 7 | EPSS 0.01247
Exploits: 1 | References: 10 | Affected Software: 3
NVD
added 2023/08/31 9:15 p.m. | 19 views

CVE-2023-39353

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY, tile->quantIdxCb, a...

CVSS 9.1 | AI score 7 | EPSS 0.01247
Exploits: 1 | References: 8
OSV
added 2023/08/31 9:15 p.m. | 3 views

DEBIAN-CVE-2023-39353

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY, tile->quantIdxCb, a...

CVSS 9.1 | AI score 6.9 | EPSS 0.01247
Exploits: 1 | References: 1
OSV
added 2023/08/31 9:15 p.m. | 2 views

UBUNTU-CVE-2023-39353

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY, tile->quantIdxCb, a...

CVSS 9.1 | AI score 6.7 | EPSS 0.01247
Exploits: 1 | References: 5
Cvelist
added 2023/08/31 8:4 p.m. | 30 views

CVE-2023-39353 Missing offset validation leading to Out Of Bound Read in FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY, tile->quantIdxCb, a...

CVSS 5.3 | AI score 9.4 | EPSS 0.01247
Exploits: 1 | References: 7
CNNVD
added 2023/08/31 12:0 a.m. | 2 views

FreeRDP buffer error vulnerability

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from a buffer error vulnerability that stems from the absence of offset validation in tile->quantIdxY, tile->quantIdxCb, and tile->quantIdxCr in the libfreerdp/codec/rfx.c file...

CVSS 9.1 | AI score 7.6 | EPSS 0.01247
Exploits: 1 | References: 10
OSV
added 2023/08/22 7:16 p.m. | 0 views

UBUNTU-CVE-2020-22219

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

CVSS 7.8 | AI score 7.4 | EPSS 0.00749
Exploits: 1 | References: 4
CNNVD
added 2023/08/22 12:0 a.m. | 4 views

Free Lossless Audio Codec security vulnerability

Free Lossless Audio Codec (FLAC) is open source software from the Xiph.Org Foundation. It can reduce the amount of storage space needed to store digital audio signals. A security vulnerability exists in versions of Free Lossless Audio Codec prior to 1.4.0, which stems from a buffer...

CVSS 7.8 | AI score 8.2 | EPSS 0.00749
Exploits: 1 | References: 9