168 matches found
Potential memory exhaustion attack due to sparse slice deserialization
Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...
The vulnerability of the JPEG XL decoder in the FFmpeg multimedia library allows a hacker to execute arbitrary code.
The vulnerability of the JPEG XL decoder in the FFmpeg multimedia library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Out-of-bounds
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed...
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...
Debian DSA-5484-1 : librsvg - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5484 advisory. Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files whe...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
OESA-2023-1243 tcpdump security update
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Security Fixes: The SMB protoco...
CVE-2023-28968 Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowi...
tcpdump buffer error vulnerability
tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capturing, among others. A security vulnerability exists in tcpdump version 4.99.3, which stems from an SMB protocol decoder that can perform...
The vulnerability of the zgfx_decompress_segment() function in the ZGFX decoder of the FreeRDP remote desktop protocol allows a hacker to trigger a service failure.
The vulnerability of the zgfx_decompress_segment() function in the ZGFX decoder of the FreeRDP remote desktop protocol lies in the fact that the operation for checking the length of input data occurs outside the buffer. Exploiting this vulnerability could allow a malicious actor to cause service...
Denial of Service (DoS)
Overview vapor/vapor is a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service (DoS) via URLEncodedFormDecoder. When using automatic content decoding, an attacker can craft a request body that can make the server crash. Details Denial of...
Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of a mechanism for converting data types. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC function decoder allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SAIO decoder in the MPEG-4 multimedia platform GPAC relates to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s functional decoding process allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the CTS decoder used in MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s function decoding process allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the MPEG-4 multimedia platform GPAC decoder’s decoding function is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the RTP decoder, a component for decoding MPEG-4 multimedia platforms like GPAC, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the RTP decoder used for decoding MPEG-4 multimedia platform GPAC is related to the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity,...
The vulnerability of the decoder for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SVHD decoder, a component of the MPEG-4 multimedia platform GPAC, lies in the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential data, compromise its...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s functional decoding process allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC function decoder relates to the lack of verification for the result of arithmetic operations. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC function decoding process allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the STTS decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...