Astra Linux - уязвимость в dav1d

An integer overflow occurs in the dav1d AV1 decoder, which can happen when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to a version later than 1.4.0 of dav1d...

CVE-2023-25667

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

OESA-2025-2614 dav1d security update

dav1d is a new AV1 cross-platform Decoder, open-source, and focused on speed and correctness. Security Fixes: An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past...

EUVD-2019-0383

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-1580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. W...

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from an error in the calculation of the nhoff value when raw PTP Ethernet frames larger than 256 bytes in size and in 0xff mode are sent...

SUSE CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

dav1d AV1 decoder integer overflow

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0...

DEBIAN-CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

ALPINE-CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

UBUNTU-CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

kernel: IGB driver inadequate buffer size for frames larger than MTU

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...

USN-6495-2 linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Manfred Rudigier discovered that the IntelR PCI-Express Gigab...

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

UBUNTU-CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

GHSA-26VR-8J45-3R4W Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources

Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. Workarounds The problem can be worked around by compiling the...

qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption...

FreeBSD-SA-20:27.ure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:27.ure Security Advisory The FreeBSD Project Topic: ure device driver susceptible to packet-in-packet attack Category: core Module: ure Announced: 2020-09-15...

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

DEBIAN-CVE-2016-6160

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service segmentation fault via a large frame, a related issue to CVE-2017-14266...