Astra Linux - уязвимость в ffmpeg, ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through a floating-point exception error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

@antv/d3-interpolate (>=1.0.2 <=1.0.3), @antv/g-base (=0.5.13) +1 more potentially affected by unknown CVE via @antv/d3-color (=1.0.0)

@antv/d3-color NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-color and may be impacted: - @antv/d3-interpolate =1.0.2, =1.0.3 - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory:...

@antv/g-base (=0.5.13), @yogeshcl/g6-react-ba (=0.0.6) potentially affected by unknown CVE via @antv/d3-interpolate (=1.0.3)

@antv/d3-interpolate NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-interpolate and may be impacted: - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3866...

MAL-2026-3866 Malicious code in @antv/d3-interpolate (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Display template option of the Set field type, where user-supplied input is processed by the $interpolate function and rendered via Vue's v-html directive without proper sanitization. An attacker can...

📄 Cockpit CMS 2.13.5 Cross Site Scripting

Cockpit CMS version 2.13.5 suffers from a persistent cross site scripting vulnerability in the content model display template. The $interpolate function in /modules/App/assets/js/app/utils.js uses new Function to evaluate template strings, allowing arbitrary JavaScript execution. Any authenticate...

Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101573)

The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-101573 advisory. - A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack...

Linux Distros Unpatched Vulnerability : CVE-2017-12067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potrace 1.14 has a heap-based buffer over-read in the interpolatecubic function in mkbitmap.c. CVE-2017-12067 Note that Nessus relies on the presence of the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:3114-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3114-1 advisory. - CVE-2020-22027: Fixed heap-based Buffer Overflow vulnerability exits in deflate16 at...

OSV-2024-792 Index-out-of-bounds in AAHD::make_ahd_rb_hv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42536934 Crash type: Index-out-of-bounds Crash state: AAHD::makeahdrbhv AAHD::makeahdrb LibRaw::aahdinterpolate...

SUSE CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception FPE error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception FPE error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

DEBIAN-CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception FPE error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

UBUNTU-CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception FPE error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

CVE-2023-51798

CVE-2023-51798 affects FFmpeg builds using v.N113007-g8d24a28d06, with a buffer overflow caused by a floating point exception (FPE) in the interpolate path of libavfilter/vf_minterpolate.c (line 1078:60). A local attacker could potentially execute arbitrary code via this FPE error. Documents cons...

CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception FPE error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

PT-2024-4519

Name of the Vulnerable Software and Affected Versions: Ffmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow vulnerability in the interpolate component of the Ffmpeg library, specifically in the libavfilter/vf minterpolate.c file. This vulnerability is caused b...

loader-utils: Regular expression denial of service

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...

loader-utils: Regular expression denial of service

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...

SUSE CVE-2015-7199

The 1 AddWeightedPathSegLists and 2 SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a...