673 matches found
PT-2025-36281
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The insn_rw_emulate_bits function, used as a default handler for INSN_READ and INSN_WRITE instructions in the comedi subsystem, does not correctly handle multiple samples as indicated by...
MAL-2024-12129 Malicious code in aws-iot-samples-util (npm)
Source: ghsa-malware (379933a89a9078f046a3ed35489373ccc8c0e070cef4700bbd90d36f087d5569). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: mpg123:1.32.9 security update
An update for the mpg123:1.32.9 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: mpg123:1.32.9 security update
The mpg123 packages contain a real-time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3, also known as MP3), as well as re-usable decoding and output libraries. Security fixes: mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573). For more...
Moderate: mpg123 security update
The mpg123 packages contain a real-time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3, also known as MP3), as well as re-usable decoding and output libraries. Security fixes: mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573). For more...
ALSA-2024:11193 Moderate: mpg123 security update
The mpg123 packages contain a real-time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 (most commonly MPEG 1.0 layer 3, also known as MP3), as well as re-usable decoding and output libraries. Security fixes: mpg123: Buffer overflow when writing decoded PCM samples (CVE-2024-10573). For more...
SUSE CVE-2024-47537
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And i...
SUSE CVE-2024-47597
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
AZL-62384 CVE-2024-47597 affecting package gstreamer1 1.20.0-2
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
DEBIAN-CVE-2024-47597
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...
GStreamer Buffer Error Vulnerability
GStreamer is an open source set of frameworks for processing streaming media. A buffer error vulnerability exists in GStreamer versions prior to 1.24.10, which stems from an out-of-bounds read detected in the qtdemux_parse_samples function in qtdemux.c. The vulnerability is caused by...
GStreamer Input Validation Error Vulnerability
GStreamer is an open source set of frameworks for processing streaming media. An input validation error vulnerability exists in GStreamer, which stems from an integer overflow during addition when samples_count is large enough...
OpenEXR: Heap Overflow in Scanline Deep Data Parsing
A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...
Malicious code in @ciam-expressjs-vanilla-samples/shared (npm)
Source: ossf-package-analysis (cc28deadcf9235665f79c65d92ca7684f27361c14efa6bcd44ad82b40947b9df). The OpenSSF Package Analysis project identified '@ciam-expressjs-vanilla-samples/shared' @ 1.0.1 (npm) as malicious. It is considered malicious...
Malicious code in nodejs-docs-samples-vision (npm)
Source: ghsa-malware (e1cdc3327056c67e82939a16ed3db3bac39a19b9dbcadfe2aabfd9dbaa353635). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability
This vulnerability allows remote attackers to manipulate sample datasets on affected installations of ML.NET Samples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of ML.NET Samples. When installed from the...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and...
CVE-2023-52793
CVE-2023-52793 is rejected by its CVE Numbering Authority and does not represent an active vulnerability entry.
CVE-2023-52793
Removed by vendor...