PT-2025-31440 · Sixlabors · Imagesharp
Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.11; ImageSharp versions 3.0.0 through 3.1.10. Description: ImageSharp is a 2D graphics library susceptible to a denial of service. A specially crafted GIF file containing a malformed comment extension block,...
zip
This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...
The vulnerability of the NCompress::NRar5::CDecoder method in the RAR5 archive decoder and 7-Zip compressor allows a hacker to trigger a service failure.
The vulnerability of the NCompress::NRar5::CDecoder decoder in the RAR5 archiver 7-Zip tool is related to the possibility of buffer overflow attacks. Exploiting this vulnerability can allow an attacker to cause a service failure...
SUSE CVE-2025-7700
A flaw was found in FFmpeg's ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...
OESA-2025-1866 gdk-pixbuf2 security update
gdk is written in C but has been designed from the ground up to support a wide range of languages. It provides a complete set of widgets, and is suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the GIF parser of GdkPixbuf’s LZW...
UBUNTU-CVE-2025-7700
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...
Security update for ffmpeg
This update for ffmpeg fixes the following issues: CVE-2022-1475: Fixed integer overflow in g729parse in llibavcodec/g729parser.c bsc1198898. CVE-2024-36616: Fixed integer overflow in the component libavformat/westwoodvqa.c bsc1234018. CVE-2024-36617: Fixed integer overflow vulnerability in the...
SUSE-SU-2025:02352-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: - CVE-2022-1475: Fixed integer overflow in g729parse in llibavcodec/g729parser.c bsc1198898. - CVE-2024-36616: Fixed integer overflow in the component libavformat/westwoodvqa.c bsc1234018. - CVE-2024-36617: Fixed integer overflow vulnerability in...
Netty Vulnerable to Denial-of-Service (DoS) via Uncontrolled Memory Allocation in 'HttpPostRequestDecoder' Component
Netty is vulnerable to denial-of-service (DoS) due to insufficient restrictions on the amount of memory that is allocated in the HttpPostRequestDecoder component. An attacker could exploit this by sending maliciously crafted data in order to cause an out-of-memory (OOM) error and a denial-of-service...
Use-after-free in "unicode_escape" decoder with error handler
...
Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
...
FreeBSD : FreeBSD -- Use-after-free in multi-threaded xz decoder (7642ba72-5abf-11f0-87ba-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7642ba72-5abf-11f0-87ba-002590c1f29c advisory. A worker thread could free its input buffer after decoding, while the main thread might still be writin...
SUSE CVE-2018-20194
There is a stack-based buffer underflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy...
SUSE CVE-2018-20358
An invalid memory address dereference was discovered in the ltprediction function of libfaad/ltpredict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...
SUSE CVE-2018-20359
An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...
SUSE CVE-2019-6956
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in psmixphase in libfaad/psdec.c...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the scanruns function in the MMRDecoder component. An attacker can cause heap corruption or read sensitive memory by providing specially crafted input that causes the xr pointer to write or read outside the bound...
FreeBSD-SA-25:06.xz
FreeBSD-SA-25:06.xz Security Advisory, The FreeBSD Project. Topic: Use-after-free in multi-threaded xz decoder. Category: contrib. Module: xz. Announced: 2025-07-02. Affects:...
FreeBSD -- Use-after-free in multi-threaded xz decoder
Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to a use-after-free condition on heap memory. Impact: An attacker may use a specifically crafted .xz file to cause the multi-threaded xz decoder to crash, or...
Updated gdk-pixbuf2.0 packages fix security vulnerability
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure...