
5958 matches found

Tenable Nessus
added 2025/11/19 12:0 a.m. | 2 views

Ubuntu 25.04 / 25.10 : FFmpeg vulnerability (USN-7871-1)

The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7871-1 advisory. It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remot...

CVSS 5.3 | AI score 6.5 | EPSS 0.00106
Exploits 0 | References 2

Veracode
added 2025/11/18 9:24 p.m. | 5 views

Integer Overflow

ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper integer overflow handling in the BMP decoder when calculating image buffer sizes by multiplying image width with bits per pixel, which allows an attacker to exploit a specially crafted BMP file to cause integer...

CVSS 7.5 | AI score 7.3 | EPSS 0.00076
Exploits 1 | References 6 | Affected Software 7

Redos
added 2025/11/17 12:0 a.m. | 3 views

ROS-20251117-01

A vulnerability in the NVIDIA display driver is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the Guest driver and Virtual GPU Manager components of the NVIDIA GPU driver is related to pointer...

CVSS 5.5 | AI score 6.9 | EPSS 0.00046
Exploits 0

Ubuntu
added 2025/11/16 11:19 p.m. | 2 views

USN-7871-1: FFmpeg vulnerability

It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service...

CVSS 5.3 | AI score 6.4 | EPSS 0.00106
Exploits 0

OSV
added 2025/11/16 11:19 p.m. | 2 views

USN-7871-1 ffmpeg vulnerability

It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service...

CVSS 5.3 | AI score 6.6 | EPSS 0.00106
Exploits 0 | References 2

OSV
added 2025/11/15 12:18 a.m. | 2 views

OSV-2025-900 Heap-buffer-overflow in DecodeFrame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=460575093 Crash type: Heap-buffer-overflow READ Crash state: DecodeFrame testdecoderprocess EsOutSend...

AI score 6.9
Exploits 0 | References 1

OSV
added 2025/11/14 2:45 p.m. | 9 views

HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder

In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash (CVE-2025-31115). The effects include heap use after free and writing to an address based on the null pointer plus ...

CVSS 8.7 | AI score 7.5 | EPSS 0.00041
Exploits 0 | References 3

Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Premature Release of Resource During Expected Lifetime (CVE-2025-31115)

The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset. This plugin only works with Tenable.ot. Please visit...

CVSS 8.7 | AI score 6.7 | EPSS 0.00041
Exploits 0 | References 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 4 views

Siemens SIMATIC S7-1500 Inefficient Algorithmic Complexity (CVE-2022-45061)

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5 | AI score 6.9 | EPSS 0.0013
Exploits 1 | References 6

OpenVAS
added 2025/11/12 12:0 a.m. | 0 views

Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2025-2353)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.3 | AI score 6.4 | EPSS 0.00102
Exploits 0 | References 2

Tenable Nessus
added 2025/11/12 12:0 a.m. | 2 views

EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2025-2322)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets th...

CVSS 3.3 | AI score 6 | EPSS 0.00102
Exploits 0 | References 2

OSV
added 2025/11/11 1:34 p.m. | 2 views

CLSA-2025-1762868093 grafana-pcp: Fix of CVE-2024-34156

rebuild with golang = 1.22.5-1.el92.tuxcare.els7 - CVE-2024-34156: fix stack exhaustion in Decoder.Decode in golang...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits 0 | References 1

EUVD
added 2025/11/07 9:31 p.m. | 2 views

EUVD-2025-38295

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVSS 5.3 | AI score 6 | EPSS 0.00106
Exploits 0 | References 3

NVD
added 2025/11/07 7:16 p.m. | 1 view

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVSS 5.3 | EPSS 0.00106
Exploits 0 | References 3

Debian CVE
added 2025/11/07 6:59 p.m. | 4 views

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVSS 5.3 | AI score 5.7 | EPSS 0.00106
Exploits 0

Vulnrichment
added 2025/11/07 6:59 p.m. | 5 views

CVE-2025-7700 Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVSS 5.3 | AI score 6.1 | EPSS 0.00106
Exploits 0 | References 3

Cvelist
added 2025/11/07 6:59 p.m. | 9 views

CVE-2025-7700 Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVSS 5.3 | EPSS 0.00106
Exploits 0 | References 3

CVE
added 2025/11/07 6:59 p.m. | 46 views

CVE-2025-7700

CVE-2025-7700 is a vulnerability in FFmpeg’s ALS audio decoder (libavcodec/alsdec.c): a failure to properly check memory allocation can cause a crash when processing certain malformed audio files. This is described across multiple advisories (Debian DLA-4440, Ubuntu USN-7871-1, Mageia and SUSE ad...

CVSS 5.3 | AI score 5.9 | EPSS 0.00106
Exploits 0 | References 3

Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 view

SUSE SLES15 Security Update : ffmpeg (SUSE-SU-2025:2990-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:2990-1 advisory. - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder libavcodec/alsdec.c bsc1246790. Tenable has extracted the preceding...

CVSS 5.3 | AI score 6.4 | EPSS 0.00106
Exploits 0 | References 4

Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 view

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:3918-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3918-1 advisory. - CVE-2025-62171: Fixed incomplete fix for integer overflow in BMP Decoder bsc1252282. Tenable has extracted the preceding description block directly...

CVSS 7.5 | AI score 5.5 | EPSS 0.00076
Exploits 1 | References 4