FFmpeg 'vmd_decode' function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'vmddecode' function in the FFmpeg 'libavcodec/vmdvideo.c' file. As the program fails to validate the relationship between the length value and the...

UBUNTU-CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Ut Video data, related to the 1 restoremedian and 2...

glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application...

Data Stream Encryption: ciphr

Data Stream Encryption Ciphr is a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various operations on streams of data. It takes provided data, file data, or data from stdin, and executes a pipeline of functions on the data stream, writing the...

CVE-2014-9317

The decodeihdrchunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file...

DEBIAN-CVE-2014-9316

The mjpegdecodeapp function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds heap access and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file...

FreeBSD : mozilla -- multiple vulnerabilities (7ae61870-9dd2-4884-a2f2-f19bb5784d09)

The Mozilla Project reports : ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

OracleVM 2.1 : libxml2 (OVMSA-2009-0018)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash CVE-2009-2414, CVE-2009-2416 - Resolves:...

OracleVM 2.1 : libtiff (OVMSA-2009-0027)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow CVE-2009-2347 Resolves: 507725 - Fix some more LZW decoding vulnerabilities CVE-2009-2285 Resolves: 507725 - Update upstream URL - Use...

DEBIAN-CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via...

UBUNTU-CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via...

Apple Quicktime multiple security vulnerabilities

Memory corruptions on video decoding, MIDI and m4a...

Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure

Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure !/usr/bin/perl Exploit Author: Sebastián Magof Hardware: Modem Nucom ADSL R5000UNv2 Software Version: R5TC008 Vulnerable file: guidewan.html location: http://gateway/telecomGUI/guidewan.html Bug: ISP usr+pwd disclosure Type: Local Date: 24/09/20...

libav / ffmpeg memory corruption

Memory corruption on FFV1 decoding...

Updated glibc packages fix multiple security vulnerabilities

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes...

Linux/x86-64 - shutdown -h now Shellcode (64 bytes)

Linux/x86-64 - shutdown -h now Shellcode 64 bytes. Shellcode exploit for Linuxx86-64 platform ; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-877.php ; Author: SLAE64-1351 Keyman ; Date:...

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode 105 bytes. Shellcode exploit for Linuxx86-64 platform ; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author:...

Mozilla Thunderbird Multiple Vulnerabilities-02 (Sep 2014) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Firefox ESR Multiple Vulnerabilities-02 (Sep 2014) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox ESR Multiple Vulnerabilities-02 (Sep 2014) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...