Out-of-bounds

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

Out-of-bounds

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

ffjpeg 代码问题漏洞

ffjpeg is a JPEG encoder/decoder. ffjpeg suffers from a null pointer dereference vulnerability, for which no detailed vulnerability details are currently available...

CVE-2022-20048

CVE-2022-20048 affects MediaTek video decoder with a missing bounds check causing an out-of-bounds write and local privilege escalation without user interaction. MTK’s advisory (ALPS05917502) notes the patch, and other sources (NVD, Red Hat, CNVD, CVE listings) corroborate the description. The av...

CVE-2022-20048

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502...

CVE-2022-20047

CVE-2022-20047 affects MediaTek video decoder with a missing bounds check leading to an out-of-bounds write and local privilege escalation without user interaction. The issue is documented with patch ALPS05917489 (Issue ID: ALPS05917489). Connected sources also corroborate the vulnerability as a ...

CVE-2022-20047

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489...

ASB-A-213116796

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-213120685

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. ok-file-formats 203defd suffers from a buffer error vulnerability that allows an attacker to trigger a buffer overflow via the function okpngtransformscanline in /okpng.c:494...

Debian: Security Advisory (DLA-2929-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

Infinite loop

Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when...

Flare-Qdb - Command-line And Python Debugger For Instrumenting And Modifying Native Software Behavior On Windows And Linux

flare-qdb is a command-line and scriptable Python-based tool for evaluating and manipulating native program state. It uses Vivisect to set a breakpoint on each queried instruction and executes Python code when hit. flare-qdb frees the analyst to take a nonlinear approach to dynamic analysis that...

ffjpeg Denial of Service Vulnerability (CNVD-2022-12798)

ffjpeg is a JPEG encoder/decoder by the individual developer Kai Chen in China. A rejection vulnerability exists in ffjpeg, which originates when the size information in the metadata of a bmp is out of range, it returns without allocating a memory buffer to pb-pdata and without exiting the progra...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...