The vulnerability of the AVEVideoEncoder component in iOS, tvOS, and iPadOS allows a hacker to execute arbitrary code.

The vulnerability of the AVEVideoEncoder component in iOS, tvOS, and iPadOS lies in the operation of recording data beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

Fedora: Security Advisory for golang-github-francoispqt-gojay (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31116

UltraJSON vulnerability (CVE-2022-31116) affects UltraJSON, a C-based JSON encoder/decoder with Python bindings. Affected versions improperly decoded escaped surrogate characters (surrogate pairs), enabling string corruption and potential key confusion or value overwriting when parsing JSON from ...

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31117 Double free of buffer during string decoding in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117

UltraJSON (ujson) has a vulnerability CVE-2022-31117: a double-free bug during buffer reallocation in string decoding. The issue is in the C-level decoder; due to UltraJSON’s internal design, this double free cannot be triggered from Python. The advisory details confirm the root cause and state n...

[SECURITY] Fedora 36 Update: golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc36

QR Code encoder Go...

[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-7.fc36

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

CVE-2022-33069

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...

Denial Of Service (DoS)

@discordjs/opus is vulnerable to denial of service. An attacker is able cause an application crash via sending crafted requests through an encoder with zero channels, or a non-initialized buffer...

CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash...

CVE-2022-25345

CVE-2022-25345 affects the npm package @discordjs/opus. The root cause is improper error handling when encoding with an encoder that has zero channels or a non-initialized buffer, causing a Denial of Service via a hard crash. Exploitation details are not provided in the documents. Mitigation note...

CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash...

Adobe Media Encoder Memory Corruption Vulnerability (CNVD-2022-50236)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A memory corruption vulnerability exists in Adobe Media Encoder version 15.4 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current...

Adobe Media Encoder Memory Corruption Vulnerability (CNVD-2022-50235)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A memory corruption vulnerability exists in Adobe Media Encoder version 15.4 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the current user environmen...

CVE-2021-43756

Adobe Media Encoder versions 22.0, 15.4.2 and earlier are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...