PT-2023-35536 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include a crash state involving the decode preR13 entities, decode preR13, a...

CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

UBUNTU-CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

stb_vorbis buffer error vulnerability

stbvorbis is an open source audio codec for decoding ogg vorbis files. A security vulnerability exists in stbvorbis, which stems from a well-designed file that may trigger an out-of-bounds read in the "DECODE" macro when "var" is negative...

CVE-2023-45682 Wild address read in vorbis_decode_packet_rest in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

CVE-2023-45682

CVE-2023-45682 affects stb_vorbis (used by stb_vorbis.c, MIT license). A crafted Vorbis file may trigger an out-of-bounds read in the DECODE macro when var is negative, because DECODE_RAW allows negative values, potentially leaking internal memory allocation information. Multiple connected adviso...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial of Service DOS. The vulnerability is due to a memory leak in the QuicCryptoTlsReadExtensions function in cryptotls.c, which results in Denial of Service. An attacker can create multiple instances are present or multiple calls to the decode happen...

Fedora: Security Advisory for oneVPL (FEDORA-2023-b6aab4f954)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1696970233 libwebp: Fix of 3 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining - CVE-2023-1999: fix a double free error...

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

...

AZL-30056 CVE-2023-44466 affecting package kernel for versions less than 5.15.135.1-2

An issue was discovered in net/ceph/messengerv2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in cephdecode32...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. Vyper suffers from a security vulnerability that stems from allowing an attacker to bypass boundary checks via constructabidecode...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PT-2023-28356 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.10 Description: The abi decode function in Vyper does not validate input when it is nested in an expression, allowing for bounds checking to be bypassed and resulting in incorrect results. This can be triggered by...

CVE-2023-32653

An out-of-bounds write vulnerability exists in the dcmpixeldatadecode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

PT-2023-23933 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 20.1 Description: An out-of-bounds write issue exists in the dcm pixel data decode functionality. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file...

Medium: djvulibre

Issue Overview: An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. CVE-2021-3630 Affected Packages: djvulibre Note: This...