CVE-2022-42798

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user...

Information disclosure

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user...

CVE-2022-42798

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user...

SUSE SLED15 / SLES15 Security Update : libmad (SUSE-SU-2022:3782-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3782-1 advisory. - The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote...

Denial Of Service (DoS)

nginx is vulnerable to denial of service. The vulnerability exists due to a memory corruption in ngxhttpmp4module when the mp4 directive is used in the configuration file which allows an attacker to cause an application crash using a specially crafted audio or video file...

FreeBSD : nginx -- Two vulnerabilities (676d4f16-4fb3-11ed-a374-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 676d4f16-4fb3-11ed-a374-8c164567ca3c advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before...

CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...

Design/Logic Flaw

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

CVE-2022-41743 NGINX ngx_http_hls_module vulnerability CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...

CVE-2022-41743 NGINX ngx_http_hls_module vulnerability CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

GLSA-202209-13 : libaacplus: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202209-13 libaacplus: Denial of Service - auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have...

CVE-2016-0796

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...

CVE-2022-22084

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2022-22084

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2022-22084

CVE-2022-22084: Memory corruption occurs when extracting qcp audio files due to a missing data-length check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Affected are Qualcomm Snapdragon environments; root cause is...

CVE-2021-46817

Adobe Media Encoder version 15.4 and earlier are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict...

AZL-45270 CVE-2022-31650 affecting package sox 14.4.2.0-34

In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in aiff.c in libsox.a...

SoX 输入验证错误漏洞

SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A security vulnerability exists in SoX version 14.4.2, which stems from a floating point exception in lsxaiffstartwrite in aiff.c in libsox.a. The vulnerability is...

CVE-2017-17054

In aubio 0.4.6, a divide-by-zero error exists in the function newaubiosourcewavread in sourcewavread.c, which may lead to DoS when playing a crafted audio file...