Astra Linux - уязвимость в libass

A stack overflow occurred in the parsetag function in libass/assparse.c in libass before version 0.15.0. This vulnerability allows remote attackers to cause a denial of service or remote code execution through a crafted file...

CVE-2026-31792

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...

EUVD-2026-10735

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31792 iccDEV has a null pointer dereference in CIccTagXmlStruct::ParseTag()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-21674 iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path iccFromXml. This issue is fixed in version 2.3.1.1...

CVE-2025-22423

In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22423

In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22423

In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22423

The CVE-2025-22423 entry concerns the dng_ifd.cpp ParseTag function where a missing bounds check can crash the image renderer, enabling remote DoS with no privileges and no user interaction. Connected OSV/Red Hat/Android bulletin records corroborate a bound-check issue in the same function and de...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android, which stems from a lack of bounds checking in the ParseTag function in dngifd.cpp, which could lead to a remote denial of service...

SUSE CVE-2020-24994

Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...

OESA-2022-1904 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid...

OESA-2022-1789 protobuf-c security update

This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a...

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. It contains an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to it...

DEBIAN-CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...

UBUNTU-CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...

protobuf-c 安全漏洞

protobuf-c is a protocol buffer implementation based on C. A denial of service vulnerability exists in Protobuf-c v1.4.0, which stems from a function parsetagandwiretype in protobuf-c/protobuf-c.c that contains an invalid arithmetic shift. An attacker could exploit this vulnerability to cause a...

PT-2022-6744 · Unknown +5 · Protobuf-C +5

Name of the Vulnerable Software and Affected Versions: Protobuf-c version 1.4.0 Description: The issue is related to an invalid arithmetic shift via the parse tag and wiretype function in protobuf-c/protobuf-c.c, which can cause a Denial of Service DoS via unspecified vectors. This is also...

DEBIAN-CVE-2020-24994

Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...