25 matches found
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...
NewStart CGSL MAIN 6.06 : cups Multiple Vulnerabilities (NS-SA-2025-0218)
The remote NewStart CGSL host, running version MAIN 6.06, has cups packages installed that are affected by multiple vulnerabilities: - ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to...
Linux Distros Unpatched Vulnerability : CVE-2024-10573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer...
CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
DEBIAN-CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
CVE-2024-10573 Mpg123: buffer overflow when writing decoded pcm samples
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
CVE-2024-10573
CVE-2024-10573 affects mpg123: an out-of-bounds write during PCM decoding can cause heap corruption, with potential arbitrary code execution. The vulnerability arises when handling crafted streams, and exploitation is described as high complexity since the payload must be validated by the MPEG de...
CVE-2024-10573 Mpg123: buffer overflow when writing decoded pcm samples
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
UBUNTU-CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
bind: DoS from specifically crafted TCP packets
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...
bind: DoS from specifically crafted TCP packets
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...
OESA-2022-1615 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...
USN-3283-1 rtmpdump vulnerabilities
Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code...
VLC Media Player Multiple Vulnerabilities (Mar 2012) - Windows
VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:videolan:vlcmediaplayer";...
VLC Media Player Multiple Vulnerabilities (Mar 2012) - Linux
VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VLC Media Player Multiple Vulnerabilities (Mar 2012) - Mac OS X
VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VLC Media Player Multiple Vulnerabilities - Mar 12 (Windows)
This host is installed with VLC Media Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbvlcmediaplayermultvulnmar12win.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player Multiple Vulnerabilities - Mar 12 Windows Authors: Madhuri D Copyright: Copyright c 20...