CVE-2017-9254
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file...
CVE-2017-9218
CVE-2017-9218 affects Freeware Advanced Audio Decoder 2 (FAAD2) 2.7. The vulnerable component is mp4ff_read_stsd in common/mp4ff/mp4atom.c, where crafted MP4 files can trigger an invalid memory read leading to an application crash (denial of service). Connected sources corroborate the same descri...
CVE-2017-9219
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file...
CVE-2017-9220
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file...
PT-2017-3886 · Freeware +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7. Description: The issue is caused by a buffer overflow in the mp4ff_read_stsd function, located in common/mp4ff/mp4atom.c, which can lead to a denial of service. This can be triggered by a...
PT-2017-3347 · Audiocoding +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7. Description: The issue is related to the mp4ff_read_ctts function in the common/mp4ff/mp4atom.c file, which can cause a denial of service due to large loop and CPU consumption when processing a crafted mp4 file. This is a...
PT-2017-3890 · Faad2 +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7. Description: The issue is related to the mp4ff_read_stts function in the common/mp4ff/mp4atom.c file of the FAAD2 audio decoder. It allows remote attackers to cause a denial of service, resulting in an invalid memory read an...
PT-2017-3889 · Freeware Advanced Audio Coder +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7. Description: The issue is related to the mp4ff_read_mdhd function in the common/mp4ff/mp4atom.c file of the Freeware Advanced Audio Decoder 2 (FAAD2). It is caused by a buffer overflow in memory, allowing an attacker to cause ...
PT-2017-3908 · Freeware +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7. Description: The issue is related to the mp4ff_read_stco function, which can lead to a denial of service due to excessive CPU consumption caused by a large loop. This can be triggered by a...
PT-2017-3887 · Audiocoding +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7. Description: The issue is related to the mp4ff_read_stsc function in the FAAD2 audio decoder, which can cause a buffer overflow in memory. This can be exploited by an attacker using a specially crafted mp4 file, potentially...
UBUNTU-CVE-2017-9871
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file...
JasPer 'jp2_dec.c' Remote Heap Buffer Overflow Vulnerability
JasPer is an open source project that aims to provide a free software-based reference implementation of the codecs specified in the JPEG-2000 Part-1 standard. JasPer suffers from a remote heap buffer overflow vulnerability that stems from a failure to perform proper boundary checking on...
[SECURITY] Fedora 24 Update: capnproto-0.5.3.1-1.fc24
Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap'n Proto is INFINITY TIMES faster than Protocol Buffers. Th...
[SECURITY] Fedora 26 Update: capnproto-0.6.1-3.fc26
Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap'n Proto is INFINITY TIMES faster than Protocol Buffers. Th...
Debian DLA-953-1 : graphicsmagick security update
Chris Evans discovered that graphicsmagick used uninitialized memory in the RLE decoder, allowing a remote attacker to leak sensitive information from process memory space. More information is available at: https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte...
[SECURITY] [DLA 953-1] graphicsmagick security update
Package: graphicsmagick; Version: 1.3.16-1.1+deb7u7; CVE ID: CVE-2017-9098; Debian Bug: 862967. Chris Evans discovered that graphicsmagick used uninitialized memory in the RLE decoder, allowing a remote attacker to leak sensitive information from process memory space. More information is...
VLC Media Player 2.x < 2.2.5.1 Multiple Vulnerabilities
CVE-2017-9098
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...
Design/Logic Flaw
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...