4667 matches found

OSV
added 2017/01/26 9:59 p.m. · 2 views

CVE-2016-8710

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggere...

CVSS 7.8 · AI score 6
Exploits 0 · References 2
Prion
added 2017/01/26 9:59 p.m. · 14 views

Heap overflow

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggere...

CVSS 6.8 · AI score 7.9 · EPSS 0.00416
Exploits 2 · References 2 · Affected Software 1
CVE
added 2017/01/26 9:00 p.m. · 55 views

CVE-2016-8710

CVE-2016-8710 is a heap-write-out-of-bounds vulnerability in Libbpg’s BPG image decoding. The issue arises in the HEVC decoding path (restore_tqb_pixels) due to an integer underflow that allows out-of-bounds writes to heap memory, potentially enabling remote code execution when processing a craft...

CVSS 7.8 · AI score 7.8 · EPSS 0.00416
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2017/01/26 12:00 a.m. · 4 views

PT-2017-9753 · Libbpg +1

Name of the Vulnerable Software and Affected Versions: Libbpg library (affected versions not specified). Description: A heap write out of bounds vulnerability exists in the decoding of BPG images in the Libbpg library. Decoding a crafted BPG image can cause an integer underflow vulnerability, leadin...

CVSS 8.8 · AI score 7.6 · EPSS 0.01674
Exploits 8 · References 19
Talos
added 2017/01/23 12:00 a.m. · 29 views

Libbpg BGP image decoding Code Execution Vulnerability

Summary An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be...

CVSS 7.8 · AI score 0.2 · EPSS 0.00416
Exploits 2
myhack58
added 2017/01/14 12:00 a.m. · 42 views

CVE-2015-1860 analysis: Qt module for processing GIFs causes a crash

Vulnerability background: Qt is a cross-platform graphical interface programming framework. In versions earlier than 4.8.7, and 5.x earlier than 5.4.2, bounds checks are handled improperly while parsing images, which causes the memcpy in that process to go out of...

AI score 7.4 · EPSS 0.06355
Exploits 0
OpenVAS
added 2017/01/10 12:00 a.m. · 20 views

CentOS Update for gstreamer-plugins-good CESA-2017:0019 centos7

Check the version of gstreamer-plugins-good...

CVSS 9.8 · AI score 7.1 · EPSS 0.19531
Exploits 4 · References 2
Cent OS
added 2017/01/09 6:12 p.m. · 70 views

gstreamer security update

CentOS Errata and Security Advisory CESA-2017:0019. An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.8 · AI score 7.2 · EPSS 0.19531
Exploits 4 · References 7
n0where
added 2017/01/09 6:35 a.m. · 15 views

Real Time Network Monitoring: Cyberprobe

Real Time Network Monitoring: Cyberprobe is a distributed architecture for real-time monitoring of networks against attack. The software consists of a number of components, including: a probe, which collects data packets and forwards them over a network in standard streaming protocols. a monitor, whi...

Exploits 0
FreeBSD
added 2017/01/09 12:00 a.m. · 32 views

GnuTLS -- Memory corruption vulnerabilities

The GnuTLS project reports: It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. GNUTLS-SA-2017-2 It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificat...

AI score 2.1
Exploits 0 · References 3
OpenVAS
added 2017/01/06 12:00 a.m. · 27 views

RedHat Update for gstreamer-plugins-good RHSA-2017:0019-01

The remote host is missing an update for the...

CVSS 9.8 · AI score 8.1 · EPSS 0.19531
Exploits 4 · References 2
Tenable Nessus
added 2017/01/06 12:00 a.m. · 51 views

Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)

Security Fixes : - Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

CVSS 9.8 · AI score 7.5 · EPSS 0.19531
Exploits 4 · References 6
RedHat Linux
added 2017/01/05 10:05 a.m. · 2 views

gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash...

CVSS 5.5 · AI score 7.4 · EPSS 0.00474
Exploits 0 · References 4
RedHat Linux
added 2017/01/05 9:35 a.m. · 4 views

gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash...

CVSS 5.5 · AI score 7.4 · EPSS 0.00474
Exploits 0 · References 4
RedhatCVE
added 2017/01/04 9:17 a.m. · 31 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

CVSS 6.5 · AI score 3.4 · EPSS 0.00156
Exploits 0 · References 1
Veracode
added 2017/01/03 7:06 a.m. · 13 views

Cross-site Scripting (XSS)

jquery-mobile is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it decodes the username:password of location.href in the url without encoding them first...

AI score 6.4
Exploits 0
Mageia
added 2016/12/29 10:29 a.m. · 34 views

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application CVE-2016-9634,...

CVSS 9.8 · AI score 3.6 · EPSS 0.19531
Exploits 4 · References 3
Tenable Nessus
added 2016/12/27 12:00 a.m. · 22 views

Fedora 24 : botan (2016-7de64a450f)

Botan 1.10.14 - NOTE WELL: Botan 1.10.x is supported for security patches only until 2017-12-31 - Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. CVE-2016-9132 - Fix two cases where in error...

CVSS 9.8 · AI score 8.1 · EPSS 0.00258
Exploits 0 · References 2
Tenable Nessus
added 2016/12/27 12:00 a.m. · 27 views

Fedora 25 : botan (2016-3b59109c48)

Botan 1.10.14 - NOTE WELL: Botan 1.10.x is supported for security patches only until 2017-12-31 - Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. CVE-2016-9132 - Fix two cases where in error...

CVSS 9.8 · AI score 8.1 · EPSS 0.00258
Exploits 0 · References 2
UbuntuCve
added 2016/12/23 5:59 a.m. · 22 views

CVE-2016-7502

The cavsidct8addc function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavsdecode...

CVSS 7.8 · AI score 7.1 · EPSS 0.00221
Exploits 0 · References 2