CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-51793 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51793
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavutil/imgutils.c:353:9 en image_copy_plane. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to... • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51798 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51798
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de un error de excepción de punto flotante (FPE) en libavfilter/vf_minterpolate.c:1078:60 en interpolación. Several vulnerabilities have been discovered in the FF... • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2024-31578 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2024-31578
17 Apr 2024 — FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. Se descubrió que la versión n6.1.1 de FFmpeg contenía un heap use-after-free a través de la función av_hwframe_ctx_init. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. • https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3864 – Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
https://notcve.org/view.php?id=CVE-2024-3864
16 Apr 2024 — Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Error de seguridad de la memoria presente en Firefox 124, Firefox ESR 115.9 y Thunderbird 115.9. Este error mostró evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo esto podr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2024-3302 – Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
https://notcve.org/view.php?id=CVE-2024-3302
16 Apr 2024 — There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. No había límite para la cantidad de frames de CONTINUATION HTTP/2 que se procesarían. Un servidor podría abusar de esto para crear una condición de falta de memoria en el navegador. • https://bugzilla.mozilla.org/show_bug.cgi?id=1881183 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-3863
https://notcve.org/view.php?id=CVE-2024-3863
16 Apr 2024 — The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. La advertencia del archivo ejecutable no se presentó al descargar archivos .xrm-ms. *Nota: Este problema solo afectó a los sistemas operativos Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1885855 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3861 – Mozilla: Potential use-after-free due to AlignedBuffer self-move
https://notcve.org/view.php?id=CVE-2024-3861
16 Apr 2024 — If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Si se asignara un AlignedBuffer a sí mismo, el movimiento automático posterior podría dar como resultado un recuento de referencias incorrecto y, posteriormente, un use-after-free. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Secu... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883158 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-3859 – Mozilla: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
https://notcve.org/view.php?id=CVE-2024-3859
16 Apr 2024 — On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En las versiones de 32 bits había desbordamientos de enteros que conducían a una lectura fuera de los límites que potencialmente podría ser provocada por una fuente OpenType con formato incorrecto. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3857 – Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
https://notcve.org/view.php?id=CVE-2024-3857
16 Apr 2024 — The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. El JIT creó código incorrecto para los argumentos en ciertos casos. Esto provocó posibles fallos de use-after-free durante la recolección de basura. • https://bugzilla.mozilla.org/show_bug.cgi?id=1886683 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3854 – Mozilla: Out-of-bounds-read after mis-optimized switch statement
https://notcve.org/view.php?id=CVE-2024-3854
16 Apr 2024 — In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. En algunos patrones de código, el JIT optimizó incorrectamente las declaraciones de cambio y generó código con lecturas fuera de los límites. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the J... • https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 • CWE-125: Out-of-bounds Read •