Fedora 25 : gstreamer1-plugins-good (2016-c883d07fba)

Add fix for gstreamer FLIC decoder vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE Security Update : ffmpeg (openSUSE-2016-1365)

This update to ffmpeg 3.2 fixes the following issues : - CVE-2016-5199: Heap corruption in FFmpeg boo1009892 FFmpeg was updated to version 3.2, incorporating the following upstream improvements : - SDL2 output device and ffplay support - SDL1 output device and SDL1 support removed - New: libopenm...

Ubuntu system actually exists Nintendo red and white game machine vulnerability-vulnerability warning-the black bar safety net

Recently security researchers Evans in the Ubuntu system found a very interesting vulnerability, this vulnerability also with Nintendo the year of the 8-bit consoles（NES, or FC. Evans said that in Ubuntu 12.04.5 version of the multimedia framework in the presence of a vulnerability, the...

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...

Komfy Switch with Camera DKZ-201S/W - Wifi Password Disclosure Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/python Exploit Title: Komfy Switch with Camera Wifi Password Disclosure via Bluetooth BLE Date: Oct 13, 2016 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage:...

JasPer Null Pointer Backreference Vulnerability

JasPer is a Canadian software developer Michael Adams developed an open source implementation of the JPEG-2000 codec. JasPer bmpdec.c:394:5 contains a null pointer back-reference vulnerability that can be exploited by an attacker to crash an application and deny service to a legitimate user...

JasPer null pointer back-reference vulnerability (CNVD-2016-10303)

JasPer is a Canadian software developer Michael Adams developed an open source implementation of the JPEG-2000 codec. A security vulnerability exists in JasPer bmpdec.c:398:5, which can be exploited by attackers to crash an application and deny service to legitimate users...

DLA-655-1 mpg123 - security update

Bulletin has no description...

Vulnerability alert: JPEG 2 0 0 0 a vulnerability to execute arbitrary code-a vulnerability warning-the black bar safety net

Vulnerability number CVE-2 0 1 6-8 3 3 2 TALOS-2 0 1 6-0 1 9 3 Affected version OpenJpeg openjp2 2.1.1 Vulnerability description Recently, Cisco's Talos security team disclosed a JPEG 2 0 0 0 of a zero-day exploit, the vulnerability can execute arbitrary code. OpenJPEG is an open-source JPEG 2 0 ...

DEBIAN-CVE-2016-3881

The decoderpeeksiinternal function in vp9/vp9dxiface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service buffer over-read, and device hang or reboot vi...

CVE-2016-3878

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 29493002...

CVE-2016-3872

Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675...

UBUNTU-CVE-2016-3871

Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022...

UBUNTU-CVE-2016-3872

Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675...

CVE-2016-3878

Summary: CVE-2016-3878 affects Android 6.x Mediaserver, specifically decoder/ih264d_api.c in mediaserver, where decoding zero MBs is mishandled. This can allow a remote attacker to trigger a denial of service (device hang or reboot) via a crafted media file. Root cause (as stated): mishandling of...

CVE-2016-7534

The generic decoder in ImageMagick allows remote attackers to cause a denial of service out-of-bounds access via a crafted file...

UBUNTU-CVE-2016-7534

The generic decoder in ImageMagick allows remote attackers to cause a denial of service out-of-bounds access via a crafted file...

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

CVE-2016-3830

codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service device hang or reboot via crafted ADTS data, aka internal bug 29153599...

CVE-2016-3829

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 29023649...