GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

EUVD-2018-21843

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

OESA-2026-2210 libtheora security update

Theora is a free and open video compression format from the Xiph.org Foundation. Like all our multimedia technology it can be used to distribute film and video online and on disc without the licensing and royalty fees or vendor lock-in associated with other formats. Security Fixes: A flaw was fou...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

CVE-2026-5673

CVE-2026-5673 affects libtheora’s AVI parser. The flaw is a heap-based out-of-bounds read in the avi_parse_input_file() function triggered by a crafted AVI file with a truncated header sub-chunk. Local attackers can exploit this by tricking a user into opening such a file, leading to a potential ...

CVE-2026-5673 Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

EUVD-2019-20029

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function ...

UBUNTU-CVE-2025-70299

A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted AVI file...

SUSE CVE-2018-13302

In FFmpeg 4.0.1, improper handling of frame types other than EAC3FRAMETYPEINDEPENDENT that have multiple independent substreams in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or...

UBUNTU-CVE-2020-21697

A heap-use-after-free in the mpegmuxwritepacket function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service DOS via a crafted avi file...

DEBIAN-CVE-2021-25802

A buffer overflow vulnerability in the AVIExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...

VideoLAN VLC Media Player 缓冲区错误漏洞

VideoLAN VLC is an open source cross-platform multimedia player and framework that can play most multimedia files, as well as DVDs, audio CDs, VCDs and various streaming protocols.The Parseindx component in VideoLAN VLC version 3.0.11 suffers from a buffer overflow vulnerability that can be...

VideoLAN VLC Media Player 缓冲区错误漏洞

VideoLAN VLC is an open source cross-platform multimedia player and framework that can play most multimedia files, as well as DVDs, audio CDs, VCDs, and various streaming protocols. a buffer overflow vulnerability exists in the AVIExtractSubtitle component of VideoLAN VLC version 3.0.11, which ca...

The vulnerability of the animation reproduction function in Blender’s software for creating 3D computer graphics is caused by a full-integer overflow, allowing an attacker to execute arbitrary code.

The vulnerability of the animation reproduction function in Blender’s 3D computer graphics software is caused by a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created AVI file...

DEBIAN-CVE-2018-13300

In FFmpeg 3.2 and 4.0.1, an improper argument AVCodecParameters passed to the avprivrequestsample function in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...

UBUNTU-CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...