32 matches found

AlpineLinux
added 2026/04/29 12:0 a.m., 4 views

CVE-2026-37555

An issue was discovered in the libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with an sf_count_t cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to...

CVSS 7.8, AI score 7.4, EPSS 0.00047
Exploits: 2, References: 3

ATTACKERKB
added 2026/04/29 12:0 a.m., 1 view

CVE-2026-37555

An issue was discovered in the libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with an sf_count_t cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to...

CVSS 7.8, AI score 7.9, EPSS 0.00047
Exploits: 2, References: 3

Vulnrichment
added 2026/04/29 12:0 a.m., 3 views

CVE-2026-37555

An issue was discovered in the libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with an sf_count_t cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to...

AI score 5.7, EPSS 0.00047
Exploits: 1, References: 3

NVD
added 2026/04/16 10:16 p.m., 1 view

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 8.7, EPSS 0.00029
Exploits: 0, References: 2

PyPA
added 2026/04/06 4:16 p.m., 6 views

PYSEC-2026-144

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...

CVSS 6.5, AI score 5.9, EPSS 0.00054
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/04/06 3:38 p.m., 25 views

CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...

CVSS 6.5, EPSS 0.00054
Exploits: 0, References: 1

Vulnrichment
added 2026/04/06 3:38 p.m., 1 view

CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames...

CVSS 6.5, AI score 6, EPSS 0.00054
Exploits: 0, References: 1

OSV
added 2026/04/03 9:51 p.m., 2 views

GHSA-PQ5C-RJHQ-QP7P vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

Summary: The VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes code path at line 47-48, is...

CVSS 6.5, AI score 6, EPSS 0.00054
Exploits: 0, References: 6

GitHub Security Blog
added 2026/04/03 9:51 p.m., 4 views

vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

Summary: The VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes code path at line 47-48, is...

CVSS 6.5, AI score 6, EPSS 0.00054
Exploits: 0, References: 6, Affected Software: 1

EUVD
added 2026/03/06 6:36 a.m., 4 views

EUVD-2026-10020

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames can hold. This issue has been patched in version 2.17...

CVSS 8.7, AI score 6, EPSS 0.00064
Exploits: 0, References: 2

CVE
added 2026/02/14 4:27 p.m., 13 views

CVE-2026-23208

CVE-2026-23208 — Linux kernel ALSA USB audio OOB write fix. The issue arose when user-provided ALSA USB audio parameters led to an out-of-bounds write: calculated frames (packsize[0] * packets) exceeded URB buffer, triggering KASAN slab-out-of-bounds in sound/usb/pcm.c. The patch adds a safety c...

CVSS 7.8, AI score 5.2, EPSS 0.00018
Exploits: 0, References: 8, Affected Software: 1

RedhatCVE
added 2026/01/20 12:58 p.m., 2 views

CVE-2025-14369

A flaw was found in dr_flac, an audio decoder within the dr_libs toolset. This integer overflow vulnerability occurs due to the tool trusting the totalPCMFrameCount field from FLAC (Free Lossless Audio Codec) metadata without proper buffer size calculation. An attacker can exploit this by providing a...

CVSS 5.5, AI score 5.7, EPSS 0.00025
Exploits: 0, References: 4

Snyk
added 2026/01/20 12:48 p.m., 1 view

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the totalPCMFrameCount field from FLAC metadata before buffer size calculation. An attacker can cause a program crash or resource exhaustion by providing a specially crafted file. Remediation: A fix was...

CVSS 7.6, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 2

OSV
added 2026/01/20 12:15 p.m., 3 views

DEBIAN-CVE-2025-14369

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...

CVSS 5.5, AI score 5.9, EPSS 0.00025
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 4:54 a.m., 2 views

SUSE CVE-2016-10069

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames...

CVSS 5.5, AI score 8.8, EPSS 0.00352
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 4:39 a.m., 2 views

SUSE CVE-2017-14056

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops for...

CVSS 6.5, AI score 9.3, EPSS 0.00275
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 4:39 a.m., 2 views

SUSE CVE-2017-14055

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over t...

CVSS 6.5, AI score 9.3, EPSS 0.00275
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 3:58 a.m., 1 view

SUSE CVE-2020-13361

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation...

CVSS 3.9, AI score 6.8, EPSS 0.0008
Exploits: 0, References: 20

ATTACKERKB
added 2022/08/17 9:15 p.m., 4 views

CVE-2022-23747

In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback...

CVSS 9.8, AI score 7.3, EPSS 0.00516
Exploits: 1, References: 3

CNNVD
added 2022/08/17 12:0 a.m., 2 views

Sony Xperia series security vulnerability

The Sony Xperia series is a line of smartphones from the Japanese company Sony. A security vulnerability exists in the Sony Xperia 1, 5, and Pro series versions, which stems from a lack of validation of the number of frames passed during music playback, which may result in memory access...

CVSS 9.8, AI score 8.3, EPSS 0.00516
Exploits: 1, References: 3