An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. (CVE-2022-3109) References:
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. (CVE-2022-4515)
xrdp less than v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. (CVE-2022-23468) xrdp less than v0.9.21 contain a buffer over flow in audin_send_open() function. (CVE-2022-23477)
Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. This is only relevant when enabling the ext transport
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). (CVE-2021-33640)
Fixes len integer overflow issue. (RHBZ#2149975) Ultrajson doesn't build on webassembly (e.g. pyodide) because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly.
The updated packages fix security vulnerabilities and other issues. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31330
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. (CVE-2022-47629) References: - https://bugs.mageia.org/show_bug.cgi?id=31311
Drag and Dropped Filenames could have been truncated to malicious extensions. (CVE-2022-46874) References: - https://bugs.mageia.org/show_bug.cgi?id=31307
