BIT-LIBPYTHON-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

BIT-LIBPYTHON-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

Linux Distros Unpatched Vulnerability : CVE-2024-35920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the...

Linux Distros Unpatched Vulnerability : CVE-2022-49887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: meson: vdec: fix possible refcount leak in vdecprobe v4l2deviceunregister need to be called to put the refcount got by v4l2deviceregister when vdecprobe...

Linux Distros Unpatched Vulnerability : CVE-2021-47655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: fixed possible memory leak issue The venushelperallocdpbbufs...

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

The vulnerability of the JPEG XL decoder in the Libjxl library, allowing attackers to trigger a service denial

The vulnerability of the JPEG XL decoder in the Libjxl library is related to an uncontrolled resource consumption due to buffer overflow on the stack. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels

Transformers have become the backbone of many Machine Learning ML applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit GPU environments via Machine Learning as a Service MLaaS, concerns aroun...

CVE-2025-54575

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...

PT-2025-32500 · Git · Libavc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=435086517 Crash type: Heap-buffer-overflow READ 1 Crash state: isvcd decode recon tfr nmb base lyr isvcd parse inter slice data cabac isvcd parse pslice...

Out-of-bounds Read

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Out-of-bounds Read in the LossyDctDecoderexecute function. An attacker can cause the application to crash or potentially leak sensitive information by providing a specially...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the LossyDctDecoderexecute function. An attacker can cause the application to crash or potentially leak sensitive information by providing a specially crafted DWAA-packed scan-line EXR file with a malicious chunk...

CVE-2025-54575

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575

CVE-2025-54575 affects SixLabors.ImageSharp (GIF decoding path). Versions before 2.1.11 and 3.0.0–3.1.10 are vulnerable to an infinite loop when processing specially crafted GIF files with a malformed comment extension block and missing terminator, leading to DoS. A fix is available in ImageSharp...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

GHSA-RXMQ-M78W-7WMC SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks

Impact A specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input shou...

SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks

Impact A specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input shou...