GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVE-2021-36937

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability...

CVE-2021-36937

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability...

Remote code execution

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability...

CVE-2021-36937

Technical details for CVE-2021-36937 are not publicly available in the provided documents. The initial description notes a Windows Media MPEG-4 Video Decoder RCE, but no concrete product/version/impact details are supplied here. Monitor for updates.

CVE-2021-36937 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability

...

golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader

An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with xml.NewTokenDecoder it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with EOF within it,...

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability

...

PT-2021-3905 · Microsoft · Windows Media Mpeg-4 Video Decoder +1

Name of the Vulnerable Software and Affected Versions: Windows Media MPEG-4 Video Decoder affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Media MPEG-4 Video Decoder. It allows remote attackers to execute arbitrary code by...

CVE-2021-38188

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...

CVE-2021-38188

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...

CVE-2020-36440

An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read...

Design/Logic Flaw

An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read...

Code injection

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...

CVE-2020-36440

CVE-2020-36440 : In the libsbc crate for Rust (before 0.1.5), the Decoder type implements Send for any R: Read, allowing it to carry an R that may not be Send. This can enable undefined behavior such as memory corruption or data races if the contained reader is moved across threads. The root caus...

CVE-2020-36440

An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read...

CVE-2021-38188

The CVE-2021-38188 issue concerns the iced-x86 crate (Rust) up to version 1.10.3. The root cause is unsafe use of slice.get_unchecked(slice.length()) in Decoder::new(), which can lead to undefined behavior and potential security impact as described by multiple advisories. Public details consisten...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Mozilla Rust versions prior to 0.1.5, which stems from a software libsbc crate that implements Send for any Decoder , for any R: Read, and can be exploited by an attacke...

Security Bulletin: A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications

Summary A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications Vulnerability Details CVEID: CVE-2020-14040 DESCRIPTION: Go Language x/text...