CVE-2017-9608
The CVE-2017-9608 entry affects the FFmpeg dnxhd decoder. Public details indicate that FFmpeg versions prior to 3.2.6, and 3.3.x prior to 3.3.3, are vulnerable to a crafted MOV file that can cause a denial of service via a NULL pointer dereference. The issue is tied to the DNxHD decoding path in ...
CVE-2017-9608
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file...
CVE-2017-17880
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check...
Advance Android Malware Analysis Framework: Droidefense
Droidefense (originally named atom: analysis through observation machine) is the codename for an Android app and malware analysis/reversing tool. It was built with a focus on the security issues and tricks that malware researchers face in their everyday work. For those situations on where the malware has...
[SECURITY] Fedora 26 Update: jbig2dec-0.14-1.fc26
jbig2dec is a decoder implementation of the JBIG2 image compression format. JBIG2 is designed for lossy or lossless encoding of 'bilevel' (1-bit monochrome) images at moderately high resolution, and in particular scanned paper documents. In this domain it is very efficient, offering compression...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-34912)
Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from the US company Cisco. A denial of service vulnerability exists in the H.26 decoder function in Cisco Meeting Server. A remote attacker can exploit this...
CVE-2017-12311
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid...
Design/Logic Flaw
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid...
CVE-2017-12311
CVE-2017-12311: Cisco Meeting Server contains an H.264 decoder vulnerability that can be exploited remotely by sending a malformed H.264 frame with an invalid PPS, triggering a DoS by causing the media process to restart. Impact is a brief service interruption as the media session re-establishes ...
FFmpeg Buffer Out-of-Bounds Read Vulnerability
FFmpeg is a set of open source computer programs, released under the LGPL or GPL license, that can be used to record, convert, and stream digital audio and video. A buffer out-of-bounds read vulnerability exists in the read_header function in libavcodec/ffv1dec.c in 3.3.4 and earlier versions of FFmpeg. An...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability (CVE-2017-5133)
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability
Google PDFium is the open source PDF rendering engine embedded in Google Chrome, released by Google under the BSD 3-Clause license and based on Foxit technology. The Google PDFium TIFF Image Flate decoder contains code execution vulnerabilities; attackers can exploit the vulnerabilities lead to memory...
Memory Leaks Through Double-free
FFmpeg is vulnerable to memory leaks. These occur through a double-free vulnerability caused when parsing an AVI file to an MKV file using the ffvhuff decoder...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
librawspeed: Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized
Project: https://github.com/darktable-org/rawspeed.git Detailed report: https://oss-fuzz.com/testcase?key=4923578240729088 Project: librawspeed Fuzzer: libFuzzer_librawspeed_RawParserFuzzer-GetDecoder-Decode Fuzz target binary: RawParserFuzzer-GetDecoder-Decode Job Type: libfuzzer_msan_librawspeed...
[SECURITY] Fedora 27 Update: mpg123-1.25.6-1.fc27
Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3 (most commonly MPEG 1.0 layer 3, aka MP3), as well as re-usable decoding and output libraries...
Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability (CVE-2017-2971)
Summary A use of uninitialized memory vulnerability exists in JPEG image file format decoding code of Adobe Acrobat Reader which ultimately leads to a heap-based buffer overflow which can be abused to achieve remote code execution. A specially crafted PDF file with an embedded JPEG can trigger th...