3143 matches found
CVE-2022-0552
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...
Design/Logic Flaw
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...
CVE-2022-0552
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...
CVE-2022-0552
Technical details for CVE-2022-0552 are not provided in the supplied documents. Public details such as affected products, exploitability, and remediation are not present here; please monitor for updates.
The vulnerability of the decode_CABAC_bit function in the h.265 Libde265 video codec implementation allows an attacker to cause a service failure.
The vulnerability of the decode_CABAC_bit function in the h.265 Libde265 video codec implementation is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
PT-2022-13256 · Unknown · Openshift-Logging/Elasticsearch6-Rhel8 +3
Name of the Vulnerable Software and Affected Versions: origin-aggregated-logging versions 3.11. Description: A flaw was found in the original fix for the netty-codec-http issue, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete, and the vulnerable...
GHSA-MCQ2-W56R-5W2W Daemon panics when processing certain blocks
Impact: go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading to denial-of-service risks. This particularly...
ipld/go-codec-dagpb panics when processing certain blocks
Impact: Decoding certain blocks using the go-ipld-prime version of the dag-pb codec go-codec-dagpb can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then it’s a buffer overread. Patches: The issue is...
GHSA-G3VV-G2J5-45F2 ipld/go-codec-dagpb panics when processing certain blocks
Impact: Decoding certain blocks using the go-ipld-prime version of the dag-pb codec go-codec-dagpb can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then it’s a buffer overread. Patches: The issue is...
PT-2022-17563 · Unknown · Go-Codec-Dagpb
Name of the Vulnerable Software and Affected Versions: go-codec-dagpb versions prior to 1.3.1. Description: The dag-pb codec can panic when decoding invalid blocks, due to an assumption that the reported link length is accurate. If the block ends before the reported length, it results in a buffer...
The vulnerability of the `put_weighted_bipred_16_fallback` function in the h.265 Libde265 implementation allows a perpetrator to trigger a service failure.
The vulnerability of the `put_weighted_bipred_16_fallback` function in the h.265 Libde265 implementation is related to writing outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created file...
[SECURITY] Fedora 35 Update: openjpeg2-2.4.0-5.fc35
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profile-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...
Fedora: Security Advisory for flac (FEDORA-2022-ee96acc54f)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 36 Update: openjpeg2-2.4.0-7.fc36
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profile-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...
[SECURITY] Fedora 36 Update: flac-1.3.4-1.fc36
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
Vulnerability in LESS Transformer Plugin used by Bitbucket
Issue Summary: As of Bitbucket 7.21 the LESS Transformer Plugin shipped is version 4.0.0. Unfortunately it has a dependency on commons-codec version 1.4 which has a number of security vulnerabilities, e.g. commons-codec:commons-codec / 1.4 Apache Commons Codec...
Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Spectrum Control (177835)
Summary: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. This vulnerability affects IBM Spectrum Control. Vulnerability Details: Third Party Entry: 177835. DESCRIPTION: Apache Commons Codec information disclosure. CVSS Ba...
CVE-2021-4156
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...
CVE-2021-4156
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...
DEBIAN-CVE-2021-4156
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...