PT-2025-37297

Name of the Vulnerable Software and Affected Versions Samsung devices versions Android 13 through 16 Description A critical out-of-bounds write vulnerability exists in the libimagecodec.quram.so library, potentially allowing remote attackers to execute arbitrary code on vulnerable devices. This...

VulnCheck KEV: CVE-2025-21043

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2025-39751

...

Linux Distros Unpatched Vulnerability : CVE-2016-0834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service memory...

Linux Distros Unpatched Vulnerability : CVE-2017-18244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The stereoprocessing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted aac file...

Linux Distros Unpatched Vulnerability : CVE-2016-3893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wcdcalhwdepioctlshared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not...

Linux Distros Unpatched Vulnerability : CVE-2016-2454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service reboot via a crafted file...

Linux Distros Unpatched Vulnerability : CVE-2017-0535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels...

Linux Distros Unpatched Vulnerability : CVE-2016-2485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes...

CVE-2025-26455

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2025-58057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...

OESA-2025-2153 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

OESA-2025-2149 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

SUSE CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +21922 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.124.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3475 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.4.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-58056 Source advisory: OSV:GHSA-FGHV-69VJ-QJ49...

CVE-2025-26455

The CVE-2025-26455 entry describes an out-of-bounds write in NdkMediaCodec.cpp caused by a heap buffer overflow, enabling local privilege escalation with no additional execution privileges and no user interaction required. The connected documents do not provide exploitation details or concrete pa...

CVE-2025-36897

In unknown of cdCnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56189

In SAEMMDiscloseMsId of SAEMMRadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56189

CVE-2024-56189 describes an out-of-bounds read in SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c due to a missing bounds check. The available sources indicate this could allow remote information disclosure after authentication with no additional execution privileges and no user interaction requi...