3140 matches found
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...
EUVD-2022-54616
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler. Realtek headset codec drivers typically check if the card is instantiated before proceeding with the jack detection. The rt700, rt711 and rt711-sdca are however missing a check on the card...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987685)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987685 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec. Several functions that take part in codec's...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987635 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potential use of null pointer. There is one call trace that...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987612)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987612 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: handle channel mapping list correctly. Currently each channel is added as...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
JLSEC-2025-111 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in cal...
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations...
JLSEC-2025-114 dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_cou...
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked...
Security Bulletin: Due to use of netty-codec, IBM Sterling Connect:Direct Web Services is affected by denial of service.
Summary: Netty-codec is used by IBM Sterling Connect:Direct Web Services (CVE-2025-58057). Vulnerability Details: CVEID: CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...
ai.spice:spiceai (=0.6.0), cn.hserver:hserver (=3.7.0) +513 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.2.0.Alpha1 <=4.2.6.Final)
io.netty:netty-codec-smtp MAVEN version >=4.2.0.Alpha1, <=4.2.6.Final is affected by a known vulnerability. The following packages have a transitive dependency on io.netty:netty-codec-smtp and may be impacted: - ai.spice:spiceai =0.6.0 - cn.hserver:hserver =3.7.0 - cn.hserver:hserver-netty-web...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2219 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)
io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =1.0.3, =1.1.2 and more Source cves: CVE-2025-59419 Source advisory: OSV:GHSA-JQ43-27X9-3V86...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection via insufficient input validation in the DefaultSmtpRequest process. An attacker can inject arbitrary SMTP commands by supplying malicious parameters containing CRLF sequences, allowing the sending of forged emails that...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2219 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)
io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =1.0.3, =1.1.2 and more Source cves: CVE-2025-59419 Source advisory: SNYK:JAVA-IONETTY-13560334...
media: mediatek: vcodec: Handle invalid decoder vsi
...
EUVD-2025-33677
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-21055
CVE-2025-21055 concerns an out-of-bounds read/write in Samsung’s QuramDNG codec library, specifically the shared object libimagecodec.quram.so. The root cause is memory boundary violations when processing certain image data, enabling a remote attacker to access memory outside the intended buffers...
AlmaLinux 10 : gstreamer1-plugins-bad-free (ALSA-2025:8184)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8184 advisory. GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-3887). Tenable has extracted the preceding...
SUSE CVE-2023-53648
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer. smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer error: we previously assumed 'rac97' could be null (see line 2072). Remove redundant assignment, return error if...