2839 matches found

Tenable Nessus
added 2021/06/28 12:0 a.m. · 28 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1980)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the...

7.5 CVSS · 8 AI score · 0.00025 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/06/25 12:0 a.m. · 1 views

PT-2021-3527 · Djvulibre +4

Name of the Vulnerable Software and Affected Versions: DjVuLibre versions prior to 3.5.28. Description: An out-of-bounds write issue was found in the DJVU::DjVuTXT::decode function in DjVuText.cpp via a crafted djvu file, which may lead to a crash and segmentation fault. This flaw can be exploited...

7.8 CVSS · 6.1 AI score · 0.04581 EPSS
Exploits 5 · References 91

OSV
added 2021/06/24 7:15 p.m. · 1 views

DEBIAN-CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

7.8 CVSS · 7.5 AI score · 0.00296 EPSS
Exploits 0 · References 1

Prion
added 2021/06/24 7:15 p.m. · 13 views

Heap overflow

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

6.8 CVSS · 7.5 AI score · 0.00296 EPSS
Exploits 0 · References 2 · Affected Software 2

Cvelist
added 2021/06/24 6:24 p.m. · 14 views

CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

7.9 AI score · 0.00296 EPSS
Exploits 0 · References 2

Debian CVE
added 2021/06/24 6:24 p.m. · 28 views

CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

7.8 CVSS · 7.8 AI score · 0.00296 EPSS
Exploits 0

RedHat Linux
added 2021/06/21 2:27 p.m. · 1 views

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...

5.5 CVSS · 6.5 AI score · 0.00077 EPSS
Exploits 0 · References 5

RedHat Linux
added 2021/06/21 2:27 p.m. · 1 views

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...

5.5 CVSS · 6.5 AI score · 0.00077 EPSS
Exploits 0 · References 5

RedHat Linux
added 2021/06/09 1:55 p.m. · 1 views

libwebp: heap-based buffer overflow in WebPDecode*Into functions

A flaw was found in libwebp. A heap-based buffer overflow in the WebPDecode*Into functions is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS · 7.5 AI score · 0.00527 EPSS
Exploits 0 · References 4

OpenVAS
added 2021/06/09 12:0 a.m. · 32 views

SUSE: Security Advisory (SUSE-SU-2014:1631-1)

The remote host is missing an update for the...

6.5 CVSS · 6.3 AI score · 0.00602 EPSS
Exploits 0 · References 2

OpenVAS
added 2021/06/09 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2013:1166-1)

The remote host is missing an update for the...

6.8 CVSS · 9.6 AI score · 0.03181 EPSS
Exploits 2 · References 2

OpenVAS
added 2021/06/09 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2018:0862-1)

The remote host is missing an update for the...

10 CVSS · 9 AI score · 0.02433 EPSS
Exploits 8 · References 7

OSV
added 2021/06/02 4:15 p.m. · 1 views

DEBIAN-CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5 CVSS · 6.7 AI score · 0.00398 EPSS
Exploits 0 · References 1

OSV
added 2021/06/02 4:15 p.m. · 1 views

DEBIAN-CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i...

9.1 CVSS · 7.5 AI score · 0.00267 EPSS
Exploits 0 · References 1

OSV
added 2021/06/02 4:15 p.m. · 1 views

ALPINE-CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5 CVSS · 7 AI score · 0.00398 EPSS
Exploits 0 · References 1

PyPA
added 2021/06/02 4:15 p.m. · 3 views

PYSEC-2021-138

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i...

9.1 CVSS · 7 AI score · 0.00343 EPSS
Exploits 0 · References 4 · Affected Software 1

ATTACKERKB
added 2021/06/02 4:15 p.m. · 1 views

CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5 CVSS · 5.4 AI score · 0.00398 EPSS
Exploits 0 · References 8

PyPA
added 2021/06/02 4:15 p.m. · 4 views

PYSEC-2021-137

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la...

9.1 CVSS · 7 AI score · 0.00343 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2021/05/21 2:28 p.m. · 1 views

GHSA-8PMX-P244-G88H Interpreter crash from `tf.io.decode_raw`

Impact: The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. `import tensorflow as tf; tf.io.decode_raw(tf.constant(["1","2","3","4"]), tf.uint16, fixed_length=4)` The implementation of the padded version is...

7.1 CVSS · 7.1 AI score · 0.00011 EPSS
Exploits 1 · References 7

CNNVD
added 2021/05/21 12:0 a.m. · 1 views

libwebp buffer error vulnerability

Libwebp is a WebP image format encoding and decoding library. A security vulnerability exists in versions of Libwebp prior to 1.0.1. The vulnerability stems from a heap buffer overflow in the WebPDecodeRGBInto function, caused by an invalid check of the buffer size. An attacker can exploit the...

9.8 CVSS · 7.7 AI score · 0.00527 EPSS
Exploits 0 · References 28