exiv2 -- Out-of-bounds read in AsfVideo::streamProperties

Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0, so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is triggered when Exiv2 is used to read the...

Fedora: Security Advisory for apache-commons-pool (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-pool-1.6-37.fc40

The goal of Pool package is it to create and maintain an object instance pooling package to be distributed under the ASF license. The package should support a variety of pool implementations, but encourage support of an interface that makes these implementations interchangeable...

PT-2023-26864 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.0 through 5.5 Description: A stack buffer overflow vulnerability discovered in AsfSecureBootDxe allows attackers to run arbitrary code execution during the DXE phase. Recommendations: For versions 5.0 through 5.5, conside...

Oracle Linux 7 : GStreamer (ELSA-2017-2060)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2060 advisory. clutter-gst2 2.0.18-1 - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: 1386833 gnome-video-effects 0.4.3-1 -...

[SECURITY] Fedora 38 Update: loudgain-0.6.8-13.fc38

loudgain is a versatile ReplayGain 2.0 loudness normalizer, based on the EBU R128/ITU BS.1770 standard -18 LUFS and supports FLAC/Ogg/MP2/MP3/MP4/M4A/ALAC/Opus/ASF/WMA/WAV/WavPack/AIFF/APE audio files. It uses the well-known mp3gain commandline syntax but will never modify the actual audio data...

Fedora: Security Advisory for loudgain (FEDORA-2023-a5e10b188a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE CVE-2004-1285

Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...

SUSE CVE-2006-0579

Multiple integer overflows in 1 the newdemuxpacket function in demuxer.h and 2 the demuxasfreadpacket function in demuxasf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this informati...

SUSE CVE-2006-1502

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via 1 a certain ASF file handled by asfheader.c that causes the asfdescrambling function to be passed a negative integer after the conversion from a char t...

SUSE CVE-2012-2392

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service infinite loop via vectors related to the 1 ANSI MAP, 2 ASF, 3 IEEE 802.11, 4 IEEE 802.3, and 5 LTP dissectors...

SUSE CVE-2014-1684

The ASFReadObjectfileproperties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service divide-by-zero error and crash via a zero minimum and maximum data packet size in an ASF file...

SUSE CVE-2017-14223

In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...

SUSE CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASFSupport::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASFSupport.cpp allows remote attackers to cause a denial of service infinite loop via a crafted .asf file...

SUSE CVE-2018-1999011

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asfo format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be...

SUSE CVE-2019-14534

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack...

SUSE CVE-2019-14535

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file...

asf-leckanzeiger.de Cross Site Scripting vulnerability OBB-3168865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-25687

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

PT-2022-17463 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in video due to a buffer overflow that occurs while parsing ASF clips. This problem affects various Qualcomm Snapdragon products,...