
673 matches found

RedHat Linux
added 2025/05/13 8:36 a.m. · 3 views

gstreamer1-plugins-good: OOB-read in qtdemux_parse_samples

A flaw was found in the GStreamer library. Multiple out-of-bounds reads in the MP4/MOV demuxer's sample table parsing and a lack of error checking can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash...

CVSS 9.1 · AI score 5.7 · EPSS 0.00269
Exploits: 0 · References: 7

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2024:11193 Moderate: mpg123 security update

The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3 also known as MP3), as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573) For more...

CVSS 6.7 · AI score 7.2 · EPSS 0.00064
Exploits: 0 · References: 2

Packet Storm News
added 2025/05/05 12:00 a.m. · 2 views

Adversarial Sample Generation for Anomaly Detection in Industrial Control Systems

Machine learning (ML)-based intrusion detection systems (IDS) are vulnerable to adversarial attacks. It is crucial for an IDS to learn to recognize adversarial examples before malicious entities exploit them. In this paper, we generated adversarial samples using the Jacobian Saliency Map Attack (JSMA)...

AI score 7.2
Exploits: 0

Packet Storm News
added 2025/04/25 12:00 a.m. · 3 views

Revisiting Data Auditing in Large Vision-Language Models

With the surge of large language models (LLMs), Large Vision-Language Models (VLMs)--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...

AI score 6.9
Exploits: 0

SUSE CVE
added 2025/04/23 2:38 a.m. · 2 views

SUSE CVE-2025-22100

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVSS 4.7 · AI score 6.4 · EPSS 0.00217
Exploits: 0 · References: 3

Trend Micro Simply Security
added 2025/04/21 12:00 a.m. · 8 views

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

This blog details our investigation of malware samples that conceal within them a FOG ransomware payload...

AI score 7.3
Exploits: 0

OSV
added 2025/04/16 3:16 p.m. · 1 view

DEBIAN-CVE-2025-22100

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVSS 4.7 · AI score 5.8 · EPSS 0.00217
Exploits: 0 · References: 1

OSV
added 2025/04/16 3:16 p.m. · 0 views

UBUNTU-CVE-2025-22100

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVSS 4.7 · AI score 5.8 · EPSS 0.00217
Exploits: 0 · References: 9

Debian CVE
added 2025/04/16 2:12 p.m. · 4 views

CVE-2025-22100

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVSS 4.7 · AI score 5.2 · EPSS 0.00217
Exploits: 0

OSV
added 2025/04/16 2:12 p.m. · 5 views

CVE-2025-22100 drm/panthor: Fix race condition when gathering fdinfo group samples

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVSS 4.7 · AI score 6 · EPSS 0.00217
Exploits: 0 · References: 6

OSV
added 2025/03/17 8:16 p.m. · 6 views

RLSA-2024:11242 Moderate: mpg123:1.32.9 security update

The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3 also known as MP3), as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573) For more...

CVSS 6.7 · AI score 7 · EPSS 0.00064
Exploits: 0 · References: 2

SUSE Linux
added 2025/02/28 4:30 p.m. · 1 view

Security update for tiff

This update for tiff fixes the following issues: CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits in tiffcrop.c bsc1212607. CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt leading to denial of service bsc1219213. Other bugfixes: Fixed tiff build issue on...

CVSS 6.1 · AI score 7.5 · EPSS 0.00717
Exploits: 1 · References: 10

OSV
added 2025/02/26 6:37 a.m. · 1 view

UBUNTU-CVE-2021-47654

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix pathlist memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'pathlist' ret = 0; ^ pathlist is allocated in parsepath but never freed...

CVSS 5.5 · AI score 6.5 · EPSS 0.00016
Exploits: 0 · References: 7

CVE
added 2025/02/26 1:54 a.m. · 91 views

CVE-2021-47654

CVE-2021-47654: Linux kernel landlock sandbox fix for a path_list memory leak where path_list allocated in parse_path() is not freed. Description notes a leak warning in sandboxer.c:134 and that path_list is freed by none. No exploitation details or fixes/versions are specified beyond the fix not...

CVSS 5.5 · AI score 5.3 · EPSS 0.00016
Exploits: 0 · References: 4 · Affected Software: 1

vulnersOsv
added 2025/02/20 2:44 a.m. · 6 views

com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)

tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard =0.0.5, =0.5.4, =0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...

CVSS 5.3 · AI score 5.8 · EPSS 0.00121
Exploits: 0

Positive Technologies
added 2025/02/15 12:00 a.m. · 1 view

PT-2025-7261 · Git +1 · Wavpack

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a crash type of Object-size. The crash state involves the functions unpack dsd samples and unpack samples worker thread. No information is available about the...

AI score 6.9
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/15 12:00 a.m. · 2 views

PT-2025-7260 · Git +1 · Wavpack

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: get word, unpack samples, and...

AI score 6.9
Exploits: 0 · References: 2

OSV
added 2025/02/10 12:00 a.m. · 3 views

OSV-2025-105 Heap-use-after-free in unpack_dsd_samples

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=395207094 Crash type: Heap-use-after-free READ 1 Crash state: unpackdsdsamples unpacksamplesworkerthread unpacksamplesworkerthread...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/10 12:00 a.m. · 2 views

PT-2025-7256 · Wavpack · Wavpack

Name of the Vulnerable Software and Affected Versions: Wavpack affected versions not specified Description: The issue is related to a crash caused by a use-of-uninitialized-value error. The crash occurs in the decimate dsd run function, which is called by WavpackUnpackSamples. This suggests a...

AI score 6.8
Exploits: 0 · References: 2

vulnersOsv
added 2025/01/27 3:30 p.m. · 5 views

org.apache.cocoon:cocoon-apples-sample (=2.3.0), org.apache.cocoon:cocoon-dist-samples (=2.3.0) +8 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-forms-impl (=2.3.0)

org.apache.cocoon:cocoon-forms-impl MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cocoon:cocoon-forms-impl and may be impacted: - org.apache.cocoon:cocoon-apples-sample =2.3.0 - org.apache.cocoon:cocoon-dist-samples...

CVSS 7.5 · AI score 5.8 · EPSS 0.01021
Exploits: 0