VYPR

rpm package

suse/mozjs78&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6

pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Vulnerabilities (5)

  • CVE-2024-56431Dec 25, 2024
    affected < 78.15.0-150400.3.14.1fixed 78.15.0-150400.3.14.1

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

  • CVE-2024-50602Oct 27, 2024
    affected < 78.15.0-150400.3.11.1fixed 78.15.0-150400.3.11.1

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

  • CVE-2024-45492CriAug 30, 2024
    affected < 78.15.0-150400.3.6.2fixed 78.15.0-150400.3.6.2

    An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45491CriAug 30, 2024
    affected < 78.15.0-150400.3.6.2fixed 78.15.0-150400.3.6.2

    An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45490HigAug 30, 2024
    affected < 78.15.0-150400.3.6.2fixed 78.15.0-150400.3.6.2

    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.