SUSE-SU-2026:21854-1 Security update for localsearch

This update for localsearch fixes the following issues: - CVE-2026-1764: Fixed a heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files. bsc1257606 - CVE-2026-1765: Fixed a Denial of Service and potential information disclosure via crafted MP3 files...

Astra Linux - уязвимость в ffmpeg5

A flaw was discovered in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services a...

EUVD-2019-19868

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

CVE-2019-25560

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

CVE-2019-25560 Lyric Video Creator 2.1 Denial of Service via MP3 File

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tracker-miners vulnerabilities (USN-8019-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8019-1 advisory. Fatih elik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause...

USN-8019-1: tracker-miners vulnerabilities

Fatih Çelik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause tracker-miners to crash, resulting in a denial of service, or possibly execute arbitrary code...

PT-2026-6841

Name of the Vulnerable Software and Affected Versions tracker-miners affected versions not specified Description A flaw exists in tracker-miners related to the handling of malformed MP3 files. Specifically, the software incorrectly processes certain MP3 files, potentially leading to a denial of...

EUVD-2025-38295

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

Linux Distros Unpatched Vulnerability : CVE-2025-52194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerabili...

libsndfile 安全漏洞

libsndfile is a libsndfile open source AC library for reading and writing sound files containing sampled audio data. A security vulnerability exists in libsndfile 1.2.2 and earlier versions, which stems from a buffer overflow when processing malformed IRCAM audio files, which could lead to memory...

SUSE CVE-2025-7700

A flaw was found in FFmpeg's ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

Exploit for Out-of-bounds Write in Apple Macos

CVE-2025-31200 & CVE-2025-31201 | iMessage Zero‑Click RCE Chai...

gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio

A heap buffer overflow flaw was found in the MXF file, demuxer, in the GStreamer Plugins Bad when handling malformed files with AES3 audio. This issue requires user interaction with the library. It may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a...

SUSE CVE-2007-4904

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 FC6 and possibly other platforms, allow user-assisted remote attackers to cause a denial of service application crash via a malformed .au file that triggers a divide-by-zero error...

SUSE CVE-2018-14332

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the...

Binary Vulnerability in KINCO DTools

Shanghai BUCO Automation Co., Ltd. has been focusing on the research, development, production, sales and related technical services of core components for industrial automation equipment control and industrial IoT/Internet software and hardware, as well as providing customers with equipment...

USN-3241-1: audiofile vulnerabilities

Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or...

Debian: Security Advisory (DSA-3814-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...