The vulnerability of the ImageOverlay::parse() function in the decoder and encoder for video and photo files in the libheif library allows a hacker to access confidential information.

The vulnerability of the ImageOverlay::parse function, used by the decoder and encoder for video and photo files in the libheif library, involves reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpuvceringparsecs function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system...

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

PT-2024-8708 · Siemens · Solid Edge

Name of the Vulnerable Software and Affected Versions: Solid Edge SE2024 versions prior to V224.0 Update 9 Description: A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds read past the end of an allocate...

Python 代码问题漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python that stems from the urllib.parse.urlsplit function and the urlparse...

CVE-2024-35423

vmir e8117 was discovered to contain a heap buffer overflow via the wasmparsesectionfunctions function at /src/vmirwasmparser.c...

CVE-2024-35425

vmir e8117 was discovered to contain a segmentation violation via the functionprepareparse function at /src/vmirfunction.c...

Security update for libheif

This update for libheif fixes the following issues: CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse due to decoding a heif file containing an overlay image with forged offsets bsc1231714. Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a heap buffer overflow in the wasmparsesectionfunctions function...

PT-2024-26492 · Unknown · Vmir E8117

Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117 Description: A heap buffer overflow issue was discovered in vmir e8117 via the wasm parse section functions function at /src/vmir wasm parser.c. This issue occurs due to a heap buffer overflow, which can be exploited...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a segmentation violation in the wasmparseblock function...

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 An issue was discovered in libexp...

PT-2024-26490 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir version e8117 Description: A segmentation violation issue was discovered in vmir via the wasm parse block function at /src/vmir wasm parser.c. This issue occurs due to a problem in the wasm parse block function, which can cause a...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a segmentation violation in the functionprepareparse function...

PT-2024-26494 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir e8117 Description: A segmentation violation issue was discovered in vmir via the function prepare parse function located at /src/vmir function.c. Recommendations: For vmir e8117, as a temporary workaround, consider disabling the function...

DEBIAN-CVE-2024-50165

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param-string when parsing mount options In bpfparseparam, keep the value of param-string intact so it can be freed later. Otherwise, the kmalloc area pointed to by param-string will be leaked as shown below:...