6.8
CVE-2024-47599 - GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer …
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this h…
5.1
CVE-2024-47598 - GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn't properly checked before reading stts_duration, allowing the p…
5.1
CVE-2024-47597 - GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following cod…
5.1
CVE-2024-47596 - GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the rema…
6.9
CVE-2024-47546 - GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtrac…
5.3
CVE-2024-12480 - cjbi wetech-cms TopicDao.java searchTopic sql injection
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible t…
6.9
CVE-2024-47545 - GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen…
6.8
CVE-2024-47544 - GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.
9.1
CVE-2024-45337 - Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is…
5.1
CVE-2024-47543 - GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes…