CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38104 – GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38104
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch https://www.zerodayinitiative.com/advisories/ZDI-23-1008 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38103 – GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38103
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch https://www.zerodayinitiative.com/advisories/ZDI-23-1007 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38600 – Apple Safari TypedArray copyWithin Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38600
The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. • http://www.openwall.com/lists/oss-security/2023/08/02/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/HT213846 https://support.apple.com/en-us/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22045 – OpenJDK: array indexing integer overflow issue (8304468)
https://notcve.org/view.php?id=CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html https://security.netapp.com/advisory/ntap-20230725-0006 https://www.debian.org/security/2023/dsa-5458 https://www.debian.org/security/2023/dsa-5478 https://www.oracle.com/security-alerts/cpujul2023.html https://access.redhat.com/security/cve/CVE-2023-22045 https://bugzilla.redhat.com/show_bug.cgi?id=2221645 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33065 – libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS
https://notcve.org/view.php?id=CVE-2022-33065
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. Libsndfile is vulnerable to integer overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c allows an attacker to cause Denial of Service. • https://github.com/libsndfile/libsndfile/issues/789 https://github.com/libsndfile/libsndfile/issues/833 https://access.redhat.com/security/cve/CVE-2022-33065 https://bugzilla.redhat.com/show_bug.cgi?id=2238934 • CWE-190: Integer Overflow or Wraparound •