Debian Brotli vulnerabilities
3 known vulnerabilities affecting debian/brotli.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2020-8927 | MEDIUM | CVSS 5.3 | fixed in brotli 1.0.9-1 (bookworm) | 2020
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "
CVE-2016-1624 | HIGH | CVSS 8.8 | fixed in brotli 0.3.0+dfsg-3 (bookworm) | 2016
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
Scope: local
bookworm: resolved (fixed in 0.3.0+dfsg-3)
bullseye: resolved (fixed in
CVE-2016-1968 | HIGH | CVSS 8.8 | fixed in brotli 0.3.0+dfsg-3 (bookworm) | 2016
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Scope: local
bookworm: resolved (fixed in 0.3.0+dfsg-3)
bullseye: resolved (fixed in 0.3.0+dfsg-3)
forky: resolved (fixed in 0.3.0+dfsg-3)
sid: resolved (fixed in