Buffer Overflow

flac is vulnerable to Buffer Overflow. The vulnerability exists in the bitwritergrow function in the library, which allows an attacker to run arbitrary code via crafted input to the encoder...

WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4599 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48a0517c2804 Credits István Márton...

SUSE CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

...

DEBIAN-CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

AZL-28074 CVE-2020-22219 affecting package flac for versions less than 1.4.3-1

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

CVE-2020-22219

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

The vulnerability of the `derive_spatial_luma_vector_prediction` function in the `motion.cc` component of the H.265 Libde265 video encoder allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the derivespatiallumavectorprediction function in the motion.cc component of the H.265 Libde265 codec implementation is related to buffer overflow attacks. Exploiting this vulnerability could allow attackers to access confidential data, compromise its integrity, and even caus...

EulerOS 2.0 SP9 : libwebp (EulerOS-SA-2023-2618)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw an...

EulerOS 2.0 SP9 : libwebp (EulerOS-SA-2023-2588)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw an...

EulerOS Virtualization 2.10.0 : libwebp (EulerOS-SA-2023-2562)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

CentOS 7 : libwebp (RHSA-2023:2077)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2077 advisory. - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best ...

EulerOS 2.0 SP10 : libwebp (EulerOS-SA-2023-2359)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw an...

Ubuntu 16.04 ESM : libwebp vulnerability (USN-6078-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6078-2 advisory. USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding description...

CVE-2023-37475

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...

CVE-2023-37475

CVE-2023-37475 affects the Go library hamba/avro, where a crafted string passed to Unmarshal() can trigger uncontrolled memory allocation, leading to denial of service. Root cause: the Unmarshal() path uses input data to size allocations, allowing memory exhaustion and potential crash. A fix is i...

CVE-2021-43757

Adobe Media Encoder versions 22.0, 15.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in th...