Lucene search

4783 matches found

Vulnrichment
added 2025/02/20 5:50 p.m. · 13 views

CVE-2025-27091 OpenH264 Decoding Functions Heap Overflow Vulnerability

OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.02473
Exploits: 0 | References: 2

Positive Technologies
added 2025/02/18 12:0 a.m. · 6 views

PT-2025-6926 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.19 Description: Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets over MQTT can appear as a DM in client to a node even though they were not decoded with PKC...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.0004
Exploits: 0 | References: 4

SUSE CVE
added 2025/02/11 4:6 a.m. · 1 views

SUSE CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS: 5.3 | AI score: 7 | EPSS: 0.01227
Exploits: 0 | References: 15

OSV
added 2025/02/10 4:15 p.m. · 1 views

ALPINE-CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.01227
Exploits: 0 | References: 1

Cvelist
added 2025/02/10 3:28 p.m. · 15 views

CVE-2024-12243 Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS: 5.3 | EPSS: 0.01227
Exploits: 0 | References: 9

Vulnrichment
added 2025/02/10 3:28 p.m. · 12 views

CVE-2024-12133 Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00343
Exploits: 0 | References: 9

CVE
added 2025/02/10 3:28 p.m. · 216 views

CVE-2024-12133

CVE-2024-12133 affects libtasn1 and causes inefficient DER/SEQUENCE OF handling, enabling remote DoS via crafted certificates. Connected advisories confirm affected package libtasn1 and provide mitigations: update to patched libtasn1 versions (e.g., 4.19.x+/4.10.x+ as per distro advisories). If e...

CVSS: 5.3 | AI score: 4.9 | EPSS: 0.00343
Exploits: 0 | References: 14

RedhatCVE
added 2025/02/05 10:12 p.m. · 10 views

CVE-2022-33259

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00286
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:41 p.m. · 9 views

CVE-2020-6112

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00051
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 11:14 a.m. · 4 views

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00124
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:8 a.m. · 4 views

CVE-2024-54107

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00296
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 3:59 a.m. · 7 views

CVE-2024-54106

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00221
Exploits: 0 | References: 1

OSV
added 2025/02/04 8:15 a.m. · 1 views

CVE-2025-20890

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00111
Exploits: 0 | References: 1

OSV
added 2025/02/04 8:15 a.m. · 3 views

CVE-2025-20889

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...

CVSS: 5.5 | AI score: 5.9
Exploits: 0 | References: 1

OSV
added 2025/02/04 8:15 a.m. · 0 views

CVE-2025-20881

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00063
Exploits: 0 | References: 1

Amazon
added 2025/02/04 12:0 a.m. · 3 views

Important: gstreamer1-plugins-base

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, t...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.03337
Exploits: 0

Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-4172 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds write in the decoding frame buffer in libsthmbc.so. This allows local attackers to execute arbitrary code with privilege. User...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00111
Exploits: 0 | References: 7

Positive Technologies
added 2025/02/04 12:0 a.m. · 4 views

PT-2025-4171 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds read in decoding a malformed bitstream for smp4vtd in libsthmbc.so. This allows local attackers to read arbitrary memory, with user...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00126
Exploits: 0 | References: 5

Positive Technologies
added 2025/02/04 12:0 a.m. · 4 views

PT-2025-4163 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is an out-of-bounds write in accessing a buffer that stores decoded video frames. This allows local attackers to execute arbitrary code with privilege, but user...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00063
Exploits: 0 | References: 6

RedHat Linux
added 2025/01/30 1:30 p.m. · 5 views

libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict

A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...

CVSS: 8.4 | AI score: 6.2 | EPSS: 0.0015
Exploits: 1 | References: 6