CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34408
https://notcve.org/view.php?id=CVE-2024-34408
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. • https://github.com/Tencent/libpag/issues/2230 https://github.com/Tencent/libpag/pull/2243 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-47212
https://notcve.org/view.php?id=CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de comentarios de stb _vorbis.c v1.22. Un archivo .ogg especialmente manipulado puede provocar una escritura fuera de los límites. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-33078
https://notcve.org/view.php?id=CVE-2024-33078
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. Tencent Lippag v4.3 es vulnerable al desbordamiento de búfer. Un usuario puede enviar una imagen manipulada para desencadenar un desbordamiento que conduzca a la ejecución remota de código. • https://github.com/HBLocker/CVE-2024-33078 • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26927 – ASoC: SOF: Add some bounds checking to firmware data
https://notcve.org/view.php?id=CVE-2024-26927
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: agregue algunas comprobaciones de los límites a los datos del firmware. Smatch se queja de que "head->full_size - head->header_size" puede desbordarse. • https://git.kernel.org/stable/c/d2458baa799fff377660d86323dd20a3f4deecb4 https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153 https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48 https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306 https://access.redhat.com/security/cve/CVE-2024-26927 https://bugzilla.redhat.com/show_bug.cgi?id=2277844 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-21905 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-21905
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. • https://www.qnap.com/en/security-advisory/qsa-24-16 • CWE-190: Integer Overflow or Wraparound •