expat -- multiple vulnerabilities

libexpat reports: CVE-2024-45490: Calling function XMLParseBuffer with len 0 without noticing and then calling XMLGetBuffer will have XMLParseBuffer fail to recognize the problem and XMLGetBuffer corrupt memory. With the fix, XMLParseBuffer now complains with error XMLERRORINVALIDARGUMENT just li...

CVE-2022-1920

Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite...

qemu-kvm security and bug fix update

1.5.3-126.el73.5 - kvm-cirrus-fix-patterncopy-checks.patch bz1420490 - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch bz1420490 - kvm-cirrus-add-blitisunsafe-call-to-cirrusbitbltcput.patch bz1420490 - Resolves: bz1420490 EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus:...

GLSA-200503-34 : mpg321: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-34 mpg321: Format string vulnerability A routine security audit of the mpg321 package revealed a known security issue remained unpatched. The vulnerability is a result of mpg321 printing embedded ID3 data to the console in ...

KPhone 2.x/3.x/4.0.1 - Malformed STUN Packet Denial of Service

source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP Session Initiation Protocol STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths,...