CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34055 – Debian Security Advisory 5294-1
https://notcve.org/view.php?id=CVE-2021-34055
04 Nov 2022 — jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. jhead 3.06 es vulnerable al desbordamiento del búfer a través de exif.c en la función Put16u. It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this... • https://github.com/Matthias-Wandel/jhead/issues/36 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 3CVE-2022-44638 – pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-44638
03 Nov 2022 — In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. En libpixman en Pixman anterior a 0.42.2, hay una escritura fuera de límites (también conocida como desbordamiento de búfer basado en montón) en rasterize_edges_8 debido a un desbordamiento de enteros en pixman_sample_floor_y. A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer ... • https://packetstorm.news/files/id/170121 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 1CVE-2022-39353 – xmldom allows multiple root nodes in a DOM
https://notcve.org/view.php?id=CVE-2022-39353
02 Nov 2022 — xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @x... • https://github.com/jindw/xmldom/issues/150 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 1CVE-2021-37789 – Gentoo Linux Security Advisory 202409-15
https://notcve.org/view.php?id=CVE-2021-37789
02 Nov 2022 — stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. stb_image.h 2.27 tiene un búfer basado en montón en stbi__jpeg_load, lo que provoca divulgación de información o denegación de servicio. Multiple vulnerabilities have been discovered in stb, the worst of which lead to a denial of service. Versions greater than or equal to 20240201 are affected. • https://github.com/nothings/stb/issues/1178 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43235 – Debian Security Advisory 5346-1
https://notcve.org/view.php?id=CVE-2022-43235
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. Se descubrió que Libde265 v1.0.8 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico a través de ff_hevc_put_hevc_epel_pixels_8_sse en sse-motion.cc. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de ... • https://github.com/strukturag/libde265/issues/337 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43236 – Ubuntu Security Notice USN-6627-1
https://notcve.org/view.php?id=CVE-2022-43236
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43237 – Ubuntu Security Notice USN-6627-1
https://notcve.org/view.php?id=CVE-2022-43237
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43238 – Debian Security Advisory 5346-1
https://notcve.org/view.php?id=CVE-2022-43238
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. Se descubrió que Libde265 v1.0.8 contenía un bloqueo desconocido a través de ff_hevc_put_hevc_qpel_h_3_v_3_sse en sse-motion.cc. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo de vídeo manipulado. Multiple security issues were discovered ... • https://github.com/strukturag/libde265/issues/336 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43239 – Debian Security Advisory 5346-1
https://notcve.org/view.php?id=CVE-2022-43239
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43240 – Debian Security Advisory 5346-1
https://notcve.org/view.php?id=CVE-2022-43240
02 Nov 2022 — Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. Se descubrió que Libde265 v1.0.8 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento a través de ff_hevc_put_hevc_qpel_h_2_v_1_sse en sse-motion.cc. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo ... • https://github.com/strukturag/libde265/issues/335 • CWE-787: Out-of-bounds Write •