OSV-2024-1249 Heap-buffer-overflow in extract_ice_option

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376100377 Crash type: Heap-buffer-overflow READ 1 Crash state: extracticeoption parsesdpsession parsesdp...

PT-2024-40618 · Git +1 · Kamailio

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the following functions: extract ice option, parse sdp session, and parse sdp...

PT-2024-40617 · Git +1 · Kamailio

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 6 crash has been reported. The crash involves the functions extract fmtp, parse sdp session, and parse mixed content...

SUSE CVE-2024-46478

HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681...

UBUNTU-CVE-2024-46478

HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 CVE-2024-24790: Fixed unexpected behavior from Is...

PT-2024-40377 · Butterfly · Butterfly

Name of the Vulnerable Software and Affected Versions: Butterfly affected versions not specified Description: The issue allows an attacker to execute arbitrary JavaScript code on the server by using the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

SUSE CVE-2024-50012

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node that was acquired at the start of the function...

AZL-51408 CVE-2024-50012 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node that was acquired at the start of the function...

DEBIAN-CVE-2024-50012

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node that was acquired at the start of the function...

UBUNTU-CVE-2024-47751

In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirinpcieparseport Within kirinpcieparseport, the pcie-numslots is compared to pcie-gpioidreset size MAXPCISLOTS which is correct and would lead to an overflow. Thus, fix condition to...

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024188 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

DEBIAN-CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...

UBUNTU-CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024183 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

PT-2024-7935 · Libheif +6 · Libheif +6

Name of the Vulnerable Software and Affected Versions: Libheif version 1.17.6 Description: The issue is related to the ImageOverlay::parse function in the libheif decoder and encoder for video and photo file formats. It involves an out-of-bounds read and write due to insufficient checks when...

Vue 安全漏洞

Vue is an HTML, CSS, and JS framework open-sourced by Vue. It is used to develop web applications with fine-grained reactivity. A security vulnerability exists in Vue versions 2.0.0 through 3.0.0, which stems from a potential regular expression denial of service vulnerability caused by an incorre...