CVE-2024-47540 GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...

Denial Of Service (DoS)

github.com/containers/image is vulnerable to denial of service DoS. The vulnerability exists because it does not restrict the sizes of blobs copied into memory such as the manifest, the config, signatures, etc, allowing an attacker to hijack registries leading to a big blobs and triggering an out...