Advisory ROSA-SA-2026-3281

software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...

Advisory ROSA-SA-2024-2537

Software: openjpeg2 2.4.0 OS: ROSA-CHROME packageevrstring: openjpeg2-2.4.0-3 CVE-ID: CVE-2022-1122 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The opj2decompress program in openjpeg2 has discovered a flaw in the way it handles an input directory with a large number of files. When the program fails ...

Advisory ROSA-SA-2024-2533

Software: imlib2 1.4.9 OS: rosa-server79 packageevrstring: imlib2-1.4.9-1.res7 CVE-ID: CVE-2014-9762 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: imlib2 allows remote attackers to cause a denial of service segmentation error using a GIF image without a color map. CVE-STATUS: Fixed CVE-REV: Run the yum...

ROS-20240815-09

Authentication and authorization module for Apache 2.x HTTP server Modauthopenidc has a vulnerability related to setting OIDCStripCookies and providing the created cookie, a dereferencing of a NULL pointer occurs, which will cause a segmentation error. NULL pointer, which will result in a...

Advisory ROSA-SA-2024-2453

Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...

Advisory ROSA-SA-2024-2434

Software: giflib 5.2.1 OS: ROSA-CHROME packageevrstring: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the vulnerabilit...

Advisory ROSA-SA-2024-2414

software: upx 4.2.1 OS: ROSA-CHROME packageevrstring: upx-4.2.1-1 CVE-ID: CVE-2023-23456 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack in the file ptmt.cpp. This thread allows an attacker to cause a denial of service interrupt using...

LibTIFF Segmentation Error Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A segmentation error vulnerability exists in LibTIFF that stems from the presence of a segmentation error issue, which can be exploited by a...

Advisory ROSA-SA-2023-2260

software: upx 4.0.2 OS: ROSA-CHROME packageevrstring: upx-4.0.2-1.src.rpm CVE-ID: CVE-2019-20805 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: plxelf.cpp in UPX before version 3.96 has an integer overflow during unpacking via created values in the PTDYNAMIC segment. CVE-STATUS: Fixed CVE-REV: To close...

Advisory ROSA-SA-2023-2256

Software: libmysofa 1.3.1 OS: ROSA-CHROME packageevrstring: libmysofa-1.3.1-1.src.rpm CVE-ID: CVE-2020-36148 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Improper handling of input to theverifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a...

Google TensorFlow tf.raw_ops.TensorListConcat denial of service vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial of service vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, 2.9.3 and later, 2.10.0 and later, and 2.10.1. TensorListConcat" is given "elementshape=", resulti...

LIEF Denial of Service Vulnerability

LIEF is a cross-platform library from the personal developer Romain Thomas. Used for parsing, modifying and abstracting Elf, Pe and MachO formats, a denial of service vulnerability exists in LIEF v0.12.1, which stems from a failure to properly handle incoming error messages in the initandparse...

PBC denial of service vulnerability

PBC is a Google Protocol Buffer Library for C from the individual developers at cloudwu in China. A denial of service vulnerability exists in PBC 2022-8-27 and prior versions, which stems from a segmentation error in the PBCwmessageinteger function in src/wmessage.c:137. An attacker could exploit...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-10611)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...

GPAC Denial of Service Vulnerability (CNVD-2022-54892)

GPAC is an open source multimedia framework. there is a denial of service vulnerability in versions prior to GPAC v2.1.0, which stems from the presence of null pointer dereference in the application resulting in a segmentation error that can be exploited by attackers to cause a denial of service...

MariaDB has an unspecified vulnerability (CNVD-2022-51597)

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.MariaDB has a security vulnerability that originated through the component Itemfuncin::cleanup/Item::cleanupprocessor found A segmentation...

MariaDB has an unspecified vulnerability (CNVD-2022-51596)

MariaDB is a free and open source database management system from the Mariadb Foundation and a branch version of MySQL that uses the Maria storage engine.MariaDB has a security vulnerability that stems from the existence of a segmentation error found through the component Itemfield::fixouterfield...

MariaDB has an unspecified vulnerability (CNVD-2022-51594)

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.A security vulnerability exists in MariaDB, which stems from a segmentation error found via the component Exectimetracker::...

MariaDB has an unspecified vulnerability (CNVD-2022-51595)

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.MariaDB has a security vulnerability that stems from a segmentation error found through the component Itemargs::walkargs. No details of the...

MariaDB has an unspecified vulnerability (CNVD-2022-51598)

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.There is a security vulnerability in the MariaDB version that stems from the existence of a segmentation error found through the component...