DEBIAN-CVE-2024-53104

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...

radare2 安全漏洞

radare2 is the radare open source set of libraries and tools for working with binaries. A security vulnerability exists in radare2 version v.5.8.8. An attacker can exploit this vulnerability to execute arbitrary code via the parsedie function...

PT-2024-22947 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: radare2 version 5.8.8 Description: The issue allows an attacker to execute arbitrary code via the parse die function. This is a buffer overflow vulnerability that can be exploited to gain unauthorized access and execute malicious code...

DEBIAN-CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

UBUNTU-CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...

CVE-2018-9353

In ihevcdparseslicedata of ihevcdparseslice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which stems from a lack of bounds checking in the ihevcdparseslicedata function in the ihevcdparseslice.c file, which can be exploited by an attacker to cause a...

PT-2024-41065 · Git +1 · Shaderc

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A crash occurs due to a container-overflow READ 8 issue. The crash involves the glslang::HlslParseContext::decomposeIntrinsic and glslang::HlslParseContext::handleFunctionCall functions, as...

Astra Linux – Vulnerability in libheif

In Libheif 1.17.6, insufficient checks during the decoding of a heif file using ImageOverlay::parse can lead to out-of-bounds read and write operations when processing a file containing an overlay image with forged offsets...

PT-2024-35453 · Riot · Riot

Name of the Vulnerable Software and Affected Versions: RIOT versions 2024.04 and prior Description: The issue is related to the parse advertise function, located in /sys/net/application layer/dhcpv6/client.c, which lacks a minimum header length check for dhcpv6 opt t after processing dhcpv6 msg t...

sqlparse: parsing heavily nested list leads to denial of service

A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. 

...

PT-2024-41058 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 13 crash has been reported. The crash involves the functions jv string vfmt, jv string fmt, and jv parse sized custom flags...

The vulnerability of the ImageOverlay::parse() function in the decoder and encoder for video and photo files in the libheif library allows a hacker to access confidential information.

The vulnerability of the ImageOverlay::parse function, used by the decoder and encoder for video and photo files in the libheif library, involves reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpuvceringparsecs function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system...