37 matches found
SUSE CVE-2024-35366
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...
FFmpeg parse_options integer overflow vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...
DEBIAN-CVE-2024-35366
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...
UBUNTU-CVE-2024-35366
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...
FFmpeg 安全漏洞
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...
DEBIAN-CVE-2024-42160
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...
CVE-2024-42160
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...
CVE-2024-42160 f2fs: check validation of fault attrs in f2fs_build_fault_attr()
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...
UBUNTU-CVE-2024-40971
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SBINLINECRYPT flag in defaultoptions In f2fsremount, SBINLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...
OSV-2024-352 Heap-buffer-overflow in __parse_options
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68156 Crash type: Heap-buffer-overflow READ Crash state: parseoptions parseoptions parseoptions...
PT-2024-10422
Name of the Vulnerable Software and Affected Versions FFmpeg version 6.1.1 Description The issue is related to an integer overflow vulnerability in the parse options function of sbgdec.c within the libavformat module. This vulnerability allows for negative duration values to be accepted without...
SUSE CVE-2020-24337
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcpparseoptions in picotcp.c...
Vulnerable dependencies in Nokogiri
Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: - vendored libxml2 from v2.9.12 to v2.9.13 - vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: - libxslt: CVE-2021-30560 CVSS 8.8, High severity - libxml2: CVE-2022-23308...
CVE-2021-27698
RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c through the parseoptions function...
RIOT RIOT-OS 安全漏洞
RIOT is a real-time multi-threaded IoT operating system that supports a range of devices commonly found in the Internet of Things. A buffer overflow vulnerability exists in the parseoptions function in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c in RIOT version 2021.01. No detailed...
ROS communications-related packages input validation error vulnerability
ROS communications-related packages is a package related to ROS Robot Operating System communications. An input validation error vulnerability exists in parseOptions in the tools/rosbag/src/record.cpp file in ROS communications-related packages version 1.14.3 and earlier. The vulnerability stems...
UBUNTU-CVE-2019-13445
An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line...