3140 matches found
CVE-2025-58480
The CVE-2025-58480 entry describes a heap-based buffer overflow in Samsung’s libimagecodec.quram.so used by the JPEG decoding path. The issue arises in the decoder component and allows remote attackers to access out-of-bounds memory, with documented PoC showing a crafted JPEG could trigger a cras...
EUVD-2025-200139
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58479
CVE-2025-58479 concerns an out-of-bounds read in libimagecodec.quram.so. Connected documents show a PoC demonstrating an out-of-bounds read/write in Samsung QuramDng image parsing, triggered by a malformed DNG embedded in a JPEG, leading to memory corruption and potential crashes on Samsung devic...
CVE-2025-58479
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58478
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58478
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
EUVD-2025-200141
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58477
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-63095
Improper input validation in the BitstreamWriter::writebits function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service DoS via a crafted input...
PT-2025-48595
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
PT-2025-48597
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
EUVD-2025-199991
Improper input validation in the BitstreamWriter::writebits function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-63095
Improper input validation in the BitstreamWriter::writebits function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-63095
Improper input validation in the BitstreamWriter::writebits function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service DoS via a crafted input...
Hello Video Codec 安全漏洞
Hello Video Codec is a video codec from Tempus Ex open source. A security vulnerability exists in Hello Video Codec version v0.1.0, which stems from improper validation of inputs to the BitstreamWriter::writebits function, which could lead to a denial of service attack...
PT-2025-48451
Name of the Vulnerable Software and Affected Versions Tempus Ex hello-video-codec version 0.1.0 Description A flaw exists in the BitstreamWriter::write bits function that allows for a Denial of Service DoS through crafted input due to improper input validation. Recommendations Update to a newer...
CVE-2025-63095
Improper input validation in the BitstreamWriter::writebits function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-63095
CVE-2025-63095 affects Tempus Ex hello-video-codec v0.1.0. The vulnerability is due to improper input validation in BitstreamWriter::write_bits(), enabling a Denial of Service via crafted input. Public advisories (e.g., PT-2025-48451) recommend updating to a newer, fixed version. Connected source...
CVE-2025-65102
PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...