Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 7:15 p.m.6 views

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.3AI score0.0031EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 7:8 p.m.84 views

astral-tokio-tar has a PAX Header Desynchronization issue

Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 5:26 p.m.5 views

GHSA-FP55-JW48-C537 astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

8.7CVSS5.8AI score
Exploits0References4
RustSec
RustSec
added 2026/04/27 12:0 p.m.12 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.2AI score
Exploits0Affected Software1
Rows per page
Query Builder