6126 matches found
RUSTSEC-2020-0120 `Decoder<R>` can carry `R: !Send` to other threads
Affected versions of this crate implement `Send` for `Decoder<R>` for any `R: Read`. This allows `Decoder<R>` to contain `R: !Send` and carry (move) it to another thread. This can result in undefined behavior such as memory corruption from a data race on `R`, or dropping `R = MutexGuard` from a thread that didn't lock...
freerdp: out of bound read in rfx_process_message_tileset
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen as colors. This has been patched in 2.1.0...
Medium: golang
Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...
Amazon Linux AMI : golang (ALAS-2020-1436)
The version of golang installed on the remote host is prior to 1.13.15-1.59. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1436 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
OSV-2020-2085 UNKNOWN READ in decoder_fuzzer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26428 Crash type: UNKNOWN READ Crash state: decoder_fuzzer...
openSUSE Security Update : brotli (openSUSE-2020-1578)
This update for brotli fixes the following issues : brotli was updated to 1.0.9 : - CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB boo1175825 - brotli -v now reports raw / compressed size - decoder: minor speed / memory usage improvements - encoder: fix rare access to...
OSV-2020-1976 Use-of-uninitialized-value in FLAC::Decoder::FuzzerStream::write_callback
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16503 Crash type: Use-of-uninitialized-value Crash state: FLAC::Decoder::FuzzerStream::write_callback writeaudioframetoclient readframe...
Amazon Linux 2 : golang (ALAS-2020-1494)
The version of golang installed on the remote host is prior to 1.13.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1494 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...
Google Android libAACdec Information Disclosure Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in Android version 11 libAACdec. The vulnerability stems from a configuration or other error in the operation of a networked system or product. An...
CVE-2020-24753
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings...
CVE-2020-1593
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
CVE-2020-1508
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
Remote code execution
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
CVE-2020-1593 Windows Media Audio Decoder Remote Code Execution Vulnerability
...
CVE-2020-1593
Technical details about CVE-2020-1593 are not provided in the connected documents; no product/version/impact specifics are disclosed here. Monitor for updates as additional details may be published.
CVE-2020-1508 Windows Media Audio Decoder Remote Code Execution Vulnerability
...
CVE-2020-1508
CVE-2020-1508 affects Windows Media Audio Decoder and is described as a remote code execution vulnerability. The connected document (AVLEONOV article) lists Windows Media Audio Decoder as vulnerable under the September 2020 Patch Tuesday with multiple CVEs, including CVE-2020-1508, indicating an ...