
18 matches found

RedHat Linux
added 2026/05/19 1:50 p.m. | 11 views

luksmeta: Data corruption when handling LUKS1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | AI score 5.7 | EPSS 0.00093
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/27 12:0 a.m. | 7 views

PT-2026-4984

Name of the Vulnerable Software and Affected Versions: MongoDB (affected versions not specified). Description: User-controlled chunkSize metadata lacks appropriate validation, potentially leading to malformed GridFS metadata overflowing the bounding container. This can result in a heap allocation...

CVSS 7.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 15
Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : gstreamer1-plugins-base-1.16.1-4.el8_10 (AXSA:2024-9007:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9007:03 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.8 | AI score 5.6 | EPSS 0.01565
Exploits: 0 | References: 2
OSV
added 2025/11/14 12:39 p.m. | 2 views

OESA-2025-2688 luksmeta security update

LUKSMeta is a simple library for storing metadata in the LUKSv1 header. Some projects need to store additional metadata about a LUKS volume that is accessible before unlocking it. Fortunately, there is a gap in the LUKS header between the end of the slot area and the payload offset. LUKSMeta uses...

CVSS 4.4 | AI score 6.7 | EPSS 0.00093
Exploits: 0 | References: 2
OSV
added 2025/10/15 8:15 p.m. | 2 views

DEBIAN-CVE-2025-11568

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | AI score 5.4 | EPSS 0.00093
Exploits: 0 | References: 1
OSV
added 2025/10/15 8:15 p.m. | 4 views

AZL-72866 CVE-2025-11568 affecting package luksmeta 9-8

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | AI score 5.6 | EPSS 0.00093
Exploits: 0 | References: 1
NVD
added 2025/10/15 8:15 p.m. | 9 views

CVE-2025-11568

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | EPSS 0.00093
Exploits: 0 | References: 6
RedhatCVE
added 2025/10/15 7:37 p.m. | 3 views

CVE-2025-11568

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | AI score 6.5 | EPSS 0.00093
Exploits: 0 | References: 3
Cvelist
added 2025/10/15 7:37 p.m. | 10 views

CVE-2025-11568 Luksmeta: data corruption when handling luks1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | EPSS 0.00093
Exploits: 0 | References: 6
Debian CVE
added 2025/10/15 7:37 p.m. | 5 views

CVE-2025-11568

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

CVSS 4.4 | AI score 5.4 | EPSS 0.00093
Exploits: 0
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-47996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability in Exif.cpp::jpegreadexifdir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service...

CVSS 6.5 | AI score 6.7 | EPSS 0.00582
Exploits: 1 | References: 3
Amazon
added 2024/07/22 12:0 a.m. | 3 views

Important: gstreamer-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 8.1 | EPSS 0.01565
Exploits: 0
Amazon
added 2024/07/22 12:0 a.m. | 4 views

Important: gstreamer1-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 8.1 | EPSS 0.01565
Exploits: 0
Tenable Nessus
added 2024/01/16 12:0 a.m. | 25 views

EulerOS 2.0 SP11 : grpc (EulerOS-SA-2023-3007)

According to the versions of the grpc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exception...

CVSS 7.5 | AI score 8.3 | EPSS 0.00412
Exploits: 0 | References: 2
UbuntuCve
added 2023/08/09 1:15 p.m. | 29 views

CVE-2023-33953

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00412
Exploits: 0 | References: 2
UbuntuCve
added 2022/01/20 2:0 p.m. | 49 views

CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...

CVSS 7.8 | AI score 7.4 | EPSS 0.00493
Exploits: 1 | References: 5
BDU FSTEC
added 2015/12/29 12:0 a.m. | 5 views

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the MPEG4Extractor::readMetaData function located in MPEG4Extractor.cpp, within libstagefright in Firefox and Firefox ESR browsers is related to a potential overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafte...

CVSS 6.8 | AI score 7.6 | EPSS 0.04075
Exploits: 0 | References: 3 | Affected Software: 2
RedHat Linux
added 2015/05/12 6:49 p.m. | 3 views

Mozilla: Integer overflows in libstagefright while processing MP4 video metadata (MFSA 2015-93)

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538...

CVSS 9.3 | AI score 7.8 | EPSS 0.04021
Exploits: 0 | References: 5