CVE-2022-2566

FFmpeg vulnerability CVE-2022-2566: A heap out-of-bounds memory write introduced since version 5.1 in the function build_open_gop_key_points(), where adding sc->ctts_data[i].count to sc->sample_offsets_count may overflow, leading to a too-small allocation (av_calloc()) and potential remote ...

CVE-2022-2566 Heap-memory write in FFMPEG

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in buildopengopkeypoints goes through all entries in the loop and adds sc-cttsdatai.count to sc-sampleoffsetscount. This can lead to an integer overflow resulting in a small allocation with avcalloc. An...

CVE-2022-2566 Heap-memory write in FFMPEG

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in buildopengopkeypoints goes through all entries in the loop and adds sc-cttsdatai.count to sc-sampleoffsetscount. This can lead to an integer overflow resulting in a small allocation with avcalloc. An...

CVE-2022-2566

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in buildopengopkeypoints goes through all entries in the loop and adds sc-cttsdatai.count to sc-sampleoffsetscount. This can lead to an integer overflow resulting in a small allocation with avcalloc. An...

CVE-2022-40246

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5616-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5616-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...

Linux Kernel Improper Input Validation Vulnerability

The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation...

UBUNTU-CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5602-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5602-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...

Ubuntu 18.04 LTS : Linux kernel (AWS) vulnerability (USN-5591-4)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5591-4 advisory. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A loca...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5594-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5594-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow...

Ubuntu: Security Advisory (USN-2439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

AZL-37012 CVE-2022-32742 affecting package samba for versions less than 4.18.3-1

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5577-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5577-1 advisory. Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...

Out-of-bounds

A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5564-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5564-1 advisory. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter...

CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

PT-2022-21511 · Apple · Ios +3

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.5 tvOS versions prior to 15.6 iOS versions prior to 15.6 iPadOS versions prior to 15.6 Description: The issue allows an app to potentially cause unexpected system termination or write kernel memory due to inadequate...

DEBIAN-CVE-2022-2476

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 pc 0x561b47a970c6 bp 0x7fff13952fb0 sp...