Lucene search
K

318 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:11 p.m.7 views

Malicious code in ts-opus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73b0105b34723dd6e1449c3353d1d4df0dcf94ae460a4dfd156566bb4ba372c7 ts-opus 0.0.8 ships an unmodified copy of MikeMcl/big.js README, copyright, and repository URL all reference big.js but injects an additional top-lev...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/17 2:6 p.m.8 views

GHSA-6PR9-RP53-2PMC vLLM: OOM Denial of Service via Audio Decompression Bomb

Summary vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. Tested on vLLM v0.19.0. Details SpeechToTextProcessor rejects uploads over VLLMMAXAUDIOCLIPFILESIZEMB default 25MB based on...

6.5CVSS5.4AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50489

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description The '/v1/audio/transcriptions' endpoint limits the size of compressed uploads but fails to limit the size of the decoded PCM Pulse Code Modulation output. PCM is an uncompressed digital audio format...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2025-210152

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.6AI score0.00202EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2025-210147

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.6AI score0.00235EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2025-210151

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.3AI score0.00202EPSS
Exploits1References3
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00235EPSS
Exploits1References2
CVE
CVE
added 2026/06/15 12:0 a.m.13 views

CVE-2025-55648

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_opus_parse_packet_header (media_tools/av_parsers.c) that can cause a Denial of Service when a crafted MP4 file is processed. This is a DoS by exploiting a memory-protection flaw in the parser; CVSS notes a local attack with user interac...

5.5CVSS5.6AI score0.00235EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49274

A heap buffer overflow in the gf opus parse packet header function media tools/av parsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.6AI score0.00235EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49279

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A heap buffer overflow occurs in the Opus audio stream parser component. This issue allows attackers to cause a Denial of Service DoS, which is a condition where a system or service becomes unavailable to it...

5.5CVSS6.1AI score0.00202EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49278

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A stack overflow occurs in the gf opus read length function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted MP4 file...

5.5CVSS5.9AI score0.00202EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.8 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.6AI score0.00235EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 12:0 a.m.16 views

CVE-2025-55661

Summary: CVE-2025-55661 concerns GPAC MP4Box v2.4, specifically its Opus audio stream parser. The issue is a heap buffer overflow in parsing Opus data, which can be triggered by processing a crafted MP4 file and may cause a Denial of Service. The threat is assessed locally (attack vector: local) ...

5.5CVSS5.6AI score0.00202EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.8 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.6AI score0.00202EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.8 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00202EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.33 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.37 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00235EPSS
Exploits1References1
Rows per page
Query Builder