CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously craft...

The vulnerability of the Media MPEG-4 Video Decoder video file decoder for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Media MPEG-4 Video Decoder video file decoder for Windows operating systems is related to improper handling of code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code through a specially created request...

OSV-2021-1181 Heap-buffer-overflow in draco::MeshPredictionSchemeTexCoordsDecoder<int, draco::PredictionSchemeWrapDeco

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37814 Crash type: Heap-buffer-overflow WRITE 4 Crash state: draco::MeshPredictionSchemeTexCoordsDecoderint, draco::PredictionSchemeWrapDeco draco::MeshPredictionSchemeTexCoordsDecoderint, draco::PredictionSchemeWrapDeco...

GHSA-F6G6-54HM-FHXV Data races in libsbc

Affected versions of this crate implements Send for Decoder for any R: Read. This allows Decoder to contain R: !Send and carry move it to another thread. This can result in undefined behavior such as memory corruption from data race on R, or dropping R = MutexGuard from a thread that didn't lock...

Data races in libsbc

Affected versions of this crate implements Send for Decoder for any R: Read. This allows Decoder to contain R: !Send and carry move it to another thread. This can result in undefined behavior such as memory corruption from data race on R, or dropping R = MutexGuard from a thread that didn't lock...

Incorrect buffer size calculation in iced-x86

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...

GHSA-M2PF-HPRP-3VQM Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

DEBIAN-CVE-2021-21846

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

DEBIAN-CVE-2021-21847

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

DEBIAN-CVE-2021-21845

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

DEBIAN-CVE-2021-21854

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflo...

UBUNTU-CVE-2021-21845

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

UBUNTU-CVE-2021-21847

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

UBUNTU-CVE-2021-21846

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

UBUNTU-CVE-2021-21858

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflo...

PT-2021-6599 · Unknown +1 · Gpac Project On Advanced Content Library +1

Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1 Description: The issue is related to the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library. A specially crafted MPEG-4 input at the "stss" decoder can cause an...

Bento4 代码问题漏洞

A denial-of-service vulnerability exists in Bento4, an open source C library for reading and writing MP4 files. The vulnerability stems from a null pointer dereference in the AP4DecoderConfigDescriptor::WriteFields component of /Core/Ap4Descriptor.h. An attacker could exploit this vulnerability t...

GPAC 输入验证错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...