The vulnerability in the mp4ff_read_stco function of the Freeware Advanced Audio Decoder 2 (FAAD2), software for working with audio files, allows an attacker to cause a denial of service.
The vulnerability in the mp4ff_read_stco function of the Freeware Advanced Audio Decoder 2 (FAAD2), software for working with audio files, is caused by a loop that runs without a sufficient limit on its iteration count. Exploiting this vulnerability could allow an attacker to cause...
EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)
According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE)...
OPENSUSE-SU-2019:2632-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...
OPENSUSE-SU-2019:2615-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...
Security update for libarchive (moderate)
openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2632-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...
Security update for libarchive (moderate)
openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2615-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...
SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:3093-1)
This update for libarchive fixes the following issues: Security issues fixed: CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). CVE-2019-1000019: Fixed an Out-Of-Bounds Read...
SUSE-SU-2019:3093-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...
SUSE-SU-2019:3092-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...
Debian: Security Advisory (DLA-2013-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability in the mp4ff_read_stsd function (common/mp4ff/mp4atom.c) of the Freeware Advanced Audio Decoder 2 (FAAD2) allows an attacker to cause a denial of service.
The vulnerability in the mp4ff_read_stsd function (common/mp4ff/mp4atom.c) of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is caused by reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a denial of service using a specially created...
The vulnerability in the mp4ff_read_stco function (common/mp4ff/mp4atom.c) of the Freeware Advanced Audio Decoder 2 (FAAD2) allows an attacker to cause a denial of service.
The vulnerability in the mp4ff_read_stco function (common/mp4ff/mp4atom.c) of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a denial of service using a...
The vulnerability in the mp4ff_read_stsc function (common/mp4ff/mp4atom.c) of the Freeware Advanced Audio Decoder 2 (FAAD2) allows an attacker to cause a denial of service.
The vulnerability in the mp4ff_read_stsc function of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a denial of service using a specially created mp4 fi...
libarchive security and bug fix update
3.3.2-7 - fix use-after-free in delayed newc link processing 1602575 - fix a few obvious resource leaks and strcpy misuses 1602575 3.3.2-6 - fixed use after free in RAR decoder 1700752 - fixed double free in RAR decoder 1700753 3.3.2-5 - release bump due to gating 1680768 3.3.2-4 - fix...
Debian: Security Advisory (DLA-1985-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1985-1] djvulibre security update
Package : djvulibre Version : 3.5.25.4-4+deb8u2 CVE ID : CVE-2019-18804 It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution images. For Debian 8 "Jessie", this issue has been fixed in...
xvid:fuzzer-decoder: Use-of-uninitialized-value in BitstreamReadHeaders
Detailed Report: https://oss-fuzz.com/testcase?key=5670159510929408 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzer_msan_xvid Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: BitstreamReadHeaders decoder_decode xvid_decore...
xvid:fuzzer-decoder: Stack-buffer-overflow in BitstreamReadHeaders
Detailed Report: https://oss-fuzz.com/testcase?key=5747834934001664 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzer_asan_xvid Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffc9e066120 Crash State: BitstreamReadHeaders decoderdeco...
libarchive: Double free in RAR decoder resulting in a denial of service
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. Thi...
libarchive: Use after free in RAR decoder resulting in a denial of service
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be...