2842 matches found
SUSE CVE-2022-38230
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage at /xpdf/Stream.cc...
SUSE CVE-2022-38900
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...
UBUNTU-CVE-2023-25564
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js decode-uri-component
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js decode-uri-component. Vulnerability Details: CVEID: CVE-2022-38900. DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the...
Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors
Visually inspect all of the regex matches and their sexier, more cloak and dagger cousins, the YARA matches found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start pipx install yaralyzer Scan against YARA...
Buffer Overflow in TSS2_RC_Decode in tpm2-tss
...
GPAC Input Validation Error Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.2-rev0-gab012bbfb-master, which stems from an integer overflow in the Q_DecCoordOnUnitSphere function in bifs/unquantize.c...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
FFmpeg Code Issue Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A denial of service vulnerability exists in FFmpeg, which stems from a lack of return value checking in the decode_main_header function in the libavformat/nutdec.c file and triggers a null...
CVE-2022-43974
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...
DEBIAN-CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2022-3109
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc and will cause a null pointer dereference, impacting availability...
CVE-2022-45332
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c...
PT-2022-27471 · Libredwg · Libredwg
Name of the Vulnerable Software and Affected Versions: LibreDWG version 0.12.4.4643. Description: A heap buffer overflow issue was discovered in the decode_preR13_section_hdr function at decode_r11.c. This issue affects the specified version of LibreDWG. Recommendations: For LibreDWG version...
Denial of Service (DoS)
decode-uri-component is vulnerable to Denial of Service (DoS). A remote attacker is able to cause denial of service conditions via sending a malicious payload through the decode function in index.js due to improper input validation...
GHSA-W573-4HG7-7WGQ decode-uri-component vulnerable to Denial of Service (DoS)
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...
@candlelabs/sdk (>=1.0.1 <=1.0.2), @infobiotech/js-error (>=0.1.0 <=0.1.6) +12 more potentially affected by CVE-2022-38900 via decode-uri-component (=0.2.0)
decode-uri-component NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on decode-uri-component and may be impacted: - @candlelabs/sdk =1.0.1, =0.1.0, =0.22.0, =0.22.0, =0.32.1, =0.32.3, =2.3.5, =1.0.0, =0.3.0, =0.22.0, =0.49.0 Source cves...
CVE-2022-38900
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...
AZL-44976 CVE-2022-38900 affecting package js-jquery 3.5.0-4
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...