
41 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. · 6 views

MiracleLinux 9 : poppler-21.01.0-14.el9 (AXSA:2023-5617:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5617:02 advisory. poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784). Tenable has extracted the preceding description block directly from the...

CVSS 7.8 · AI score 5.6 · EPSS 0.00579
Exploits: 3 · References: 2

CNNVD
added 2026/01/19 12:0 a.m. · 3 views

ESPHome Input Validation Vulnerability

ESPHome is an open-source system for configuring and managing smart hardware. It is used to control ESP8266/ESP32 hardware, enabling home automation control. ESPHome versions 2025.9.0 to 2025.12.6 contain a vulnerability related to input validation errors. This vulnerability stems from...

CVSS 7.5 · AI score 5.8 · EPSS 0.00273
Exploits: 0 · References: 4

OSV
added 2025/12/15 9:56 a.m. · 3 views

SUSE-SU-2025:21211-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...

CVSS 9.8 · AI score 5.9 · EPSS 0.04098
Exploits: 6 · References: 13

OSV
added 2025/12/15 9:55 a.m. · 2 views

OPENSUSE-SU-2025:20162-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...

CVSS 9.8 · AI score 5.9 · EPSS 0.04098
Exploits: 6 · References: 12

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2018-0635

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.9 · EPSS 0.20599
Exploits: 0 · References: 68

SUSE Linux
added 2025/07/17 12:33 p.m. · 3 views

Security update for ffmpeg

This update for ffmpeg fixes the following issues: CVE-2022-1475: Fixed integer overflow in g729parse in llibavcodec/g729parser.c bsc1198898. CVE-2024-36616: Fixed integer overflow in the component libavformat/westwoodvqa.c bsc1234018. CVE-2024-36617: Fixed integer overflow vulnerability in the...

CVSS 6.9 · AI score 6.9 · EPSS 0.0088
Exploits: 1 · References: 16

OSV
added 2025/07/17 12:33 p.m. · 2 views

SUSE-SU-2025:02352-1 Security update for ffmpeg

This update for ffmpeg fixes the following issues: - CVE-2022-1475: Fixed integer overflow in g729parse in llibavcodec/g729parser.c bsc1198898. - CVE-2024-36616: Fixed integer overflow in the component libavformat/westwoodvqa.c bsc1234018. - CVE-2024-36617: Fixed integer overflow vulnerability in...

CVSS 6.5 · AI score 6.5 · EPSS 0.0088
Exploits: 1 · References: 9

OSV
added 2025/01/10 1:0 p.m. · 4 views

OESA-2025-1017 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: In FFmpeg version n6.1....

CVSS 5.5 · AI score 7.2 · EPSS 0.00635
Exploits: 0 · References: 3

OSV
added 2024/12/20 1:7 p.m. · 4 views

OESA-2024-2576 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n7.0 is affected...

CVSS 9.8 · AI score 7.1 · EPSS 0.00695
Exploits: 0 · References: 5

OSV
added 2024/12/20 1:7 p.m. · 3 views

OESA-2024-2577 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n6.1.1 has an...

CVSS 6.2 · AI score 7.3 · EPSS 0.00237
Exploits: 0 · References: 3

OSV
added 2021/09/20 4:15 p.m. · 2 views

CVE-2021-39546

An issue was discovered in sela through 20200412. rice::RiceDecoder::process in ricedecoder.cpp has a heap-based buffer overflow...

CVSS 7.8 · AI score 6.1
Exploits: 0 · References: 1

CNNVD
added 2021/08/16 12:0 a.m. · 5 views

GPAC Project Advanced Content Buffer Error Vulnerability

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS 8.8 · AI score 6 · EPSS 0.02019
Exploits: 1 · References: 6

OSV
added 2019/01/13 3:29 p.m. · 0 views

UBUNTU-CVE-2019-6250

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq aka 0MQ 4.2.x and 4.3.x before 4.3.1. A v2decoder.cpp zmq::v2decodert::sizeready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leverag...

CVSS 8.8 · AI score 7.6 · EPSS 0.09444
Exploits: 2 · References: 4

Tenable Nessus
added 2018/08/10 12:0 a.m. · 63 views

Amazon Linux AMI : tomcat7 / tomcat80 (ALAS-2018-1055)

The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore,...

CVSS 9.8 · AI score 7.7 · EPSS 0.21979
Exploits: 0 · References: 4

CNVD
added 2018/08/10 12:0 a.m. · 2 views

Cisco Thor Stack Buffer Overflow Vulnerability

Cisco Thor decoder is a video coder/decoder from Cisco USA. A stack buffer overflow vulnerability exists in versions prior to Cisco Thor decoder commit 18de8f9f0762c3a542b1122589edb8af859d9813. A local attacker could exploit this vulnerability with a specially crafted Thor bitstream to cause a...

CVSS 7.8 · AI score 7.8 · EPSS 0.00498
Exploits: 0 · References: 1

Debian CVE
added 2018/08/02 2:0 p.m. · 41 views

CVE-2018-1336

An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...

CVSS 7.5 · AI score 8.3 · EPSS 0.20599
Exploits: 0

Positive Technologies
added 2016/04/29 12:0 a.m. · 4 views

PT-2016-5899 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3. Description: The issue arises from improper handling of decoder stack overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service abort by sending crafted BER data...

CVSS 7.5 · AI score 7.6 · EPSS 0.03231
Exploits: 0 · References: 27

OSV
added 2016/04/29 12:0 a.m. · 1 views

UBUNTU-CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...

CVSS 7.5 · AI score 7.1 · EPSS 0.02149
Exploits: 0 · References: 5

BDU FSTEC
added 2016/02/12 12:0 a.m. · 3 views

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

CVSS 6.8 · AI score 8.1 · EPSS 0.02236
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2010/03/19 9:30 p.m. · 2 views

DEBIAN-CVE-2010-1028

Integer overflow in the decompression functionality in the Web Open Fonts Format WOFF decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vdff modul...

CVSS 9.3 · AI score 9.1 · EPSS 0.09155
Exploits: 2 · References: 1