
2842 matches found

Positive Technologies
added 2023/11/27 12:0 a.m. · 1 views

PT-2023-35615 · Hdf5 · Hdf5

Name of the Vulnerable Software and Affected Versions: HDF5 (affected versions not specified)

Description: The issue is related to a heap buffer overflow read. Technical details about the crash include the H5O shared decode and H5O dtype shared decode functions, as well as the H5O msg read oh...

AI score: 7.3
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/24 12:0 a.m. · 1 views

PT-2023-33060 · Unknown +1 · Ethereum Abi Decoder +1

Name of the Vulnerable Software and Affected Versions: Ethereum ABI decoder (affected versions not specified)

Description: A potential denial-of-service (DoS) vector exists in the Ethereum ABI decoder due to the specification allowing zero-sized types (ZST). This can cause excessive resource consumptio...

CVSS: 4.3 · AI score: 6.9
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/24 12:0 a.m. · 2 views

PT-2023-35610 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.

Description: The issue is related to a heap-buffer-overflow write crash. Technical details about the crash include the functions isvcd start of pic, isvcd parse decod...

AI score: 7
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/24 12:0 a.m. · 4 views

PT-2023-35611 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.

Description: A heap buffer overflow issue was identified, potentially causing a crash. The crash occurs in the ih264d format convert and ih264d decode picture thread...

AI score: 7.6
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/24 12:0 a.m. · 2 views

PT-2023-35609 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.

Description: A heap-buffer-overflow WRITE crash has been reported. The crash involves the following functions: ih264d format convert, isvcd video decode, and isvcd ap...

AI score: 7
Exploits: 0 · References: 2

RedHat Linux
added 2023/11/14 3:53 p.m. · 3 views

tpm2-tss: Buffer Overflow in TSS2_RC_Decode

A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, Tss2RCSetHandler and Tss2RCDecode index into the layerhandler with an 8-bit layer number, but the array only ha...

CVSS: 6.4 · AI score: 7.5 · EPSS: 0.00036
Exploits: 1 · References: 5

RedHat Linux
added 2023/11/14 3:49 p.m. · 3 views

ghostscript: buffer overflow in base/sbcp.c leading to data corruption

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

CVSS: 9.8 · AI score: 6.1 · EPSS: 0.30764
Exploits: 1 · References: 7

RedHat Linux
added 2023/11/07 8:32 a.m. · 1 views

decode-uri-component: improper input validation resulting in DoS

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00429
Exploits: 1 · References: 6

RedHat Linux
added 2023/11/07 8:21 a.m. · 4 views

ghostscript: buffer overflow in base/sbcp.c leading to data corruption

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

CVSS: 9.8 · AI score: 6.1 · EPSS: 0.30764
Exploits: 1 · References: 7

RedHat Linux
added 2023/11/07 8:13 a.m. · 3 views

libtiff: null pointer dereference in LZWDecode() in libtiff/tif_lzw.c

A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...

CVSS: 5.5 · AI score: 7.3 · EPSS: 0.00013
Exploits: 1 · References: 4

AlmaLinux
added 2023/11/07 12:0 a.m. · 37 views

Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900). For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00429
Exploits: 1 · References: 4

Tenable Nessus
added 2023/11/07 12:0 a.m. · 33 views

RHEL 9 : pcs (RHSA-2023:6316)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6316 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: decode-uri-component: improper...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00429
Exploits: 1 · References: 25

OpenVAS
added 2023/11/05 12:0 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2023-ea65146fd4)

The remote host is missing an update for the...

CVSS: 5.5 · AI score: 4.8 · EPSS: 0.00066
Exploits: 0 · References: 6

OpenVAS
added 2023/11/05 12:0 a.m. · 16 views

Fedora: Security Advisory for oneVPL-intel-gpu (FEDORA-2023-ea65146fd4)

The remote host is missing an update for the...

CVSS: 5.5 · AI score: 4.8 · EPSS: 0.00066
Exploits: 0 · References: 2

Fedora
added 2023/11/03 6:52 p.m. · 27 views

[SECURITY] Fedora 39 Update: oneVPL-2023.3.1-1.fc39

The oneAPI Video Processing Library (oneVPL) provides a single video processing API for encode, decode, and video processing that works across a wide range of accelerators. The base package is limited to the dispatcher and samples. To use oneVPL for video processing you need to install at least on...

CVSS: 5.5 · AI score: 4.7 · EPSS: 0.00066
Exploits: 0

Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-35560 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.

Description: The issue is related to a heap-buffer-overflow read error. Technical details include a crash state involving the decode preR13 entities, decode preR13, a...

AI score: 6.8
Exploits: 0 · References: 2

Veracode
added 2023/10/26 6:13 a.m. · 10 views

Out Of Bounds Read

stbvorbis is vulnerable to Out of Bounds Read. The vulnerability is due to the processing of ogg vorbis files using the DECODE macro. This can be exploited by the attacker by crafting a file that triggers an out of bounds read when the var is negative thus resulting in leakage of internal memory...

CVSS: 7.1 · AI score: 6.9 · EPSS: 0.00022
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/10/25 6:17 p.m. · 7 views

CVE-2023-46135

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. inner_payload_len should not be above 64. This vulnerability has been patched in version 0.0.8...

CVSS: 7.5 · AI score: 6 · EPSS: 0.00168
Exploits: 1 · References: 2

CVE
added 2023/10/25 12:38 a.m. · 58 views

CVE-2023-46135

The CVE-2023-46135 issue affects rs-stellar-strkey, a Rust library for Stellar Strkey encoding/decoding. A panic vulnerability occurs during processing of crafted payloads where inner_payload_len should not exceed 64; this condition is the root cause described in various advisories. The vulnerabi...

CVSS: 7.5 · AI score: 6.2 · EPSS: 0.00168
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2023/10/25 12:38 a.m. · 11 views

CVE-2023-46135 Panic in SignedPayload::from_payload

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. inner_payload_len should not be above 64. This vulnerability has been patched in version 0.0.8...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.00168
Exploits: 1 · References: 4