Lucene search
K

37 matches found

SUSE CVE
SUSE CVE
added 2024/12/03 12:33 a.m.4 views

SUSE CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

5.3CVSS6.9AI score0.00621EPSS
Exploits0References5
CNVD
CNVD
added 2024/12/03 12:0 a.m.7 views

FFmpeg parse_options integer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...

9.1CVSS6.9AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2024/11/29 8:15 p.m.3 views

DEBIAN-CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

9.1CVSS6.7AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2024/11/29 8:15 p.m.3 views

UBUNTU-CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

9.1CVSS6.8AI score0.00621EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/11/29 12:0 a.m.6 views

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...

9.1CVSS7AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2024/07/30 8:15 a.m.2 views

DEBIAN-CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...

7.8CVSS6.2AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2024/07/30 8:15 a.m.25 views

CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...

7.8CVSS0.00239EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/07/30 7:47 a.m.36 views

CVE-2024-42160 f2fs: check validation of fault attrs in f2fs_build_fault_attr()

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...

0.00239EPSS
Exploits0References5
OSV
OSV
added 2024/07/12 1:15 p.m.16 views

UBUNTU-CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SBINLINECRYPT flag in defaultoptions In f2fsremount, SBINLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...

5.5CVSS6.2AI score0.003EPSS
Exploits0References22
OSV
OSV
added 2024/04/30 12:4 a.m.8 views

OSV-2024-352 Heap-buffer-overflow in __parse_options

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68156 Crash type: Heap-buffer-overflow READ Crash state: parseoptions parseoptions parseoptions...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.3 views

PT-2024-10422

Name of the Vulnerable Software and Affected Versions FFmpeg version 6.1.1 Description The issue is related to an integer overflow vulnerability in the parse options function of sbgdec.c within the libavformat module. This vulnerability allows for negative duration values to be accepted without...

9.4CVSS6.4AI score0.00669EPSS
Exploits0References64
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.5 views

SUSE CVE-2020-24337

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcpparseoptions in picotcp.c...

7.5CVSS7.4AI score0.02818EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/25 8:32 p.m.46 views

Vulnerable dependencies in Nokogiri

Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: - vendored libxml2 from v2.9.12 to v2.9.13 - vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: - libxslt: CVE-2021-30560 CVSS 8.8, High severity - libxml2: CVE-2022-23308...

8.8CVSS0.9AI score0.21623EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/04/06 1:15 p.m.4 views

CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c through the parseoptions function...

9.8CVSS7.6AI score0.01236EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

RIOT RIOT-OS 安全漏洞

RIOT is a real-time multi-threaded IoT operating system that supports a range of devices commonly found in the Internet of Things. A buffer overflow vulnerability exists in the parseoptions function in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c in RIOT version 2021.01. No detailed...

9.8CVSS5.9AI score0.01236EPSS
Exploits0References2
CNVD
CNVD
added 2020/01/01 12:0 a.m.3 views

ROS communications-related packages input validation error vulnerability

ROS communications-related packages is a package related to ROS Robot Operating System communications. An input validation error vulnerability exists in parseOptions in the tools/rosbag/src/record.cpp file in ROS communications-related packages version 1.14.3 and earlier. The vulnerability stems...

9.8CVSS7.1AI score0.02215EPSS
Exploits1References1
OSV
OSV
added 2019/12/30 6:15 p.m.4 views

UBUNTU-CVE-2019-13445

An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line...

9.8CVSS7.3AI score0.02215EPSS
Exploits1References5
Rows per page
Query Builder