
15 matches found

Amazon
added 2026/06/08 12:0 a.m. · 8 views

Medium: credentials-fetcher

Issue Overview: A denial of service vulnerability GHSA-XMRV-PMRH-HHX2 was found in the bundled AWS SDK for Go v2 EventStream decoder used by credentials-fetcher. An attacker who can inject a malformed EventStream response frame with a crafted header value type byte outside the valid range can cau...

AI score 5.4
Exploits 0

Cvelist
added 2026/04/13 9:43 p.m. · 15 views

CVE-2026-40312 ImageMagick: Off-by-One in MSL decoder could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off-by-one error in the MSL decoder could result in a crash when a malicious MSL file is read. This issue has been fixed in version 7.1.2-19...

CVSS 6.2 · EPSS 0.00177
Exploits 0 · References 4

BDU FSTEC
added 2025/06/09 12:0 a.m. · 6 views

The vulnerability of the lzma_stream_decoder_mt() function in the liblzma library, a data compression package for XZ Utils, allows a hacker to cause a service failure.

The vulnerability of the lzma_stream_decoder_mt() function in the liblzma library, a component of the XZ Utils data compression package, involves premature resource release due to pointer aliasing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 7.4 · EPSS 0.00618
Exploits 0 · References 13 · Affected Software 3

RedHat Linux
added 2025/05/13 7:14 p.m. · 6 views

xz: XZ has a heap-use-after-free bug in threaded .xz decoder

A flaw was found in the XZ Utils library. In affected versions, the multithreaded .xz decoder in liblzma has a bug where invalid input can trigger a heap use-after-free condition, allowing writes to an address based on the null pointer plus an offset. This issue may result in a crash or other...

CVSS 8.7 · AI score 5.8 · EPSS 0.00618
Exploits 0 · References 7

Cvelist
added 2025/04/03 4:57 p.m. · 39 views

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVSS 8.7 · EPSS 0.00618
Exploits 0 · References 3

Snyk
added 2025/04/02 9:0 p.m. · 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the worker_decoder function in stream_decoder_mt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...

CVSS 8.7 · AI score 7.7 · EPSS 0.00618
Exploits 0 · References 2

Positive Technologies
added 2024/11/17 12:0 a.m. · 2 views

PT-2024-40631 · Git +1 · Flac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the process page , FLAC ogg decoder aspect skip link, and FLAC stream decoder...

AI score 7
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:25 a.m. · 5 views

SUSE CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 8.3 · EPSS 0.09849
Exploits 0 · References 6

OSV
added 2018/04/25 9:29 p.m. · 2 views

UBUNTU-CVE-2017-6888

An error in the "read_metadata_vorbiscomment_" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

CVSS 5.5 · AI score 5.9 · EPSS 0.01372
Exploits 0 · References 5

BDU FSTEC
added 2016/05/20 12:0 a.m. · 4 views

The vulnerability of the Android operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the libFLAC/stream_decoder.c function in the Android operating system’s mediaserver component is due to buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure (memory corruption) by using a specially crafted...

CVSS 10 · AI score 8.7 · EPSS 0.02018
Exploits 0 · References 3 · Affected Software 1

OSV
added 2014/12/05 12:0 a.m. · 25 views

DLA-99-1 flac - security update

Bulletin has no description...

CVSS 7.5 · AI score 6 · EPSS 0.0986
Exploits 0

NVD
added 2014/11/26 3:59 p.m. · 21 views

CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 7.7 · EPSS 0.09849
Exploits 0 · References 13

OSV
added 2014/11/26 3:59 p.m. · 1 views

DEBIAN-CVE-2014-8962

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 7.9 · EPSS 0.0986
Exploits 0 · References 1

OSV
added 2014/11/26 12:0 a.m. · 2 views

UBUNTU-CVE-2014-8962

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 6.4 · EPSS 0.0986
Exploits 0 · References 5

OSV
added 2014/11/26 12:0 a.m. · 3 views

UBUNTU-CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 6.4 · EPSS 0.09849
Exploits 0 · References 3