6105 matches found
CVE-2024-36619
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition...
PT-2024-27095 · FFmpeg +1 · Ffmpeg +1
Name of the Vulnerable Software and Affected Versions: FFmpeg version n7.0. Description: The issue is related to a race condition in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while bein...
CVE-2024-36617
CVE-2024-36617 affects FFmpeg n6.1.1 with an integer overflow in the CAF decoder. The CVSS gives a MEDIUM overall risk (6.2), attack vector LOCAL, requiring no user interaction, with the impact limited to availability (I=NONE, A=HIGH). The vulnerability is tied to the FFmpeg CAF demux/decoder cod...
CVE-2024-36617
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder...
CVE-2024-36615
The CVE-2024-36615 entry concerns FFmpeg n7.0: a race condition in the VP9 decoder that can cause a data race if video encoding parameters are exported, with side data attached in the decoder thread while read in the output thread. Connected sources (Debian DLA-4440 and OpenSUSE/SUSE advisories) ...
SUSE CVE-2024-11704
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox 133, Thunderbird 133, Firefox ESR 128.7,...
DEBIAN-CVE-2024-11704
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox 133, Thunderbird 133, Firefox ESR 128.7,...
CVE-2017-11076 Use of Out-of-range Pointer Offset in Video
On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder...
kernel: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown
In the Linux kernel, the following vulnerability has been resolved: "cxl/port: Fix use-after-free, permit out-of-order decoder shutdown". In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port/bus device had been...
The vulnerability of the hevc_frame_end function (libavcodec/hevcdec.c) in the FFmpeg multimedia library allows a hacker to disclose protected information.
The vulnerability of the hevc_frame_end function in the FFmpeg multimedia library (libavcodec/hevcdec.c) relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to disclose protected information...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from the frame size not being properly programmed into the decoder hardware, which could result in invalid memory accesses by the decoder...
mozilla -- double free error
[email protected] reports: A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption...
Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2024-2926)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-11498
A flaw was found in the libjxl package. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack. This may lead to excessive memory usage, causing a denial of service...
CVE-2024-11403
A flaw was found in the libjxl package. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression, such as using JxlEncoderAddJPEGFrame on untrusted input, does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli,...
CVE-2024-11403
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence o...
DEBIAN-CVE-2024-11498
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...
CVE-2024-11498
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...