5955 matches found
openSUSE Security Update : vlc (openSUSE-2016-755)
This update for vlc to version 2.1.6 fixes the following issues : These CVE were fixed : - CVE-2016-5108: Reject invalid QuickTime IMA files boo984382. - CVE-2016-3941: Heap overflow in processing wav files boo973354. These security issues without were fixed : - Fix heap overflow in decomp stream...
CVE-2016-4574
Off-by-one error in the appendutf8value function in the DN decoder dn.c in Libksba before 1.3.4 allows remote attackers to cause a denial of service out-of-bounds read via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
DEBIAN-CVE-2016-4356
The appendutf8value function in the DN decoder dn.c in Libksba before 1.3.3 allows remote attackers to cause a denial of service out-of-bounds read by clearing the high bit of the byte after invalid utf-8 encoded data...
CVE-2016-4356
The appendutf8value function in the DN decoder dn.c in Libksba before 1.3.3 allows remote attackers to cause a denial of service out-of-bounds read by clearing the high bit of the byte after invalid utf-8 encoded data...
DEBIAN-CVE-2016-4355
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service crash via crafted BER data, which leads to a buffer overflow...
CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
Stack overflow
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
CVE-2016-4355
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service crash via crafted BER data, which leads to a buffer overflow...
CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
CVE-2016-4574
Off-by-one error in the appendutf8value function in the DN decoder dn.c in Libksba before 1.3.4 allows remote attackers to cause a denial of service out-of-bounds read via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
CVE-2016-4574
CVE-2016-4574 affects Libksba before 1.3.4, where an off-by-one/error in the DN decoder’s append_utf8_value can cause an out-of-bounds read leading to denial of service when processing invalid UTF-8 data. The vulnerability stems from an incomplete fix for CVE-2016-4356. Connected advisories (Debi...
CVE-2016-4354
CVE-2016-4354 affects Libksba prior to 1.3.3. The ber-decoder.c component uses an incorrect integer data type, allowing remote attackers to crash the process and cause a buffer overflow via crafted BER data. The issue is documented across multiple sources (OSV/OSVDEV, NVD references). Affected ve...
CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
CVE-2016-4574
Off-by-one error in the appendutf8value function in the DN decoder dn.c in Libksba before 1.3.4 allows remote attackers to cause a denial of service out-of-bounds read via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
CVE-2016-2479
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSyste...
CVE-2016-2463
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media...
UBUNTU-CVE-2016-2463
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media...
Debian DSA-3598-1 : vlc - security update
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
DSA-3598-1 vlc - security update
Bulletin has no description...