CVE-2020-27828

CVE-2020-27828 (Jasper) is described in connected data as a heap-based buffer overflow in the jpc_enc.c cp_create() path, arising from crafted input. In the CP4S advisory, affected products are Cloud Pak for Security (CP4S) 1.8.1.0, 1.8.0.0, and 1.7.2.0. IBM recommends upgrading to CP4S 1.9.0.0 t...

CVE-2020-27828

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability...

CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

UBUNTU-CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

JasPer jpc encoder input validation error vulnerability

JasPer is a C-based tool for image processing from the individual developer Michael Adams. The software supports the JPEG-2000 format as defined in ISO / IEC 15444-1 and is primarily used for image encoding and processing. A security vulnerability exists in jpc encoder prior to version 2.0.23 in...

CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Mitigation This flaw can be mitigated by...

CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

UBUNTU-CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

CVE-2020-27828

A flaw was found in the Jasper tool’s jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Mitigation This flaw can be...

Jiajia MP4 Format Converter is vulnerable to dll hijacking.

Jia Jia MP4 Format Converter is a professional MPEG4 format converter. The MPEG-4 encoder of Jia Jia MP4 Format Converter can help you convert various video formats to MPEG4/AVC video formats. Jiajia MP4 Format Converter suffers from a dll hijacking vulnerability, which can be exploited by an...

PT-2020-6193 · Openjpeg +5 · Openjpeg +5

Name of the Vulnerable Software and Affected Versions: openjpeg versions prior to 2.4.0 Description: The issue is related to an out-of-bounds read in the src/lib/openjp2/pi.c component of the openjpeg library. This occurs when an attacker provides crafted input to be processed by the openjpeg...

PT-2020-6590 · Openjpeg +9 · Openjpeg +9

Name of the Vulnerable Software and Affected Versions: openjpeg versions prior to 2.4.0 Description: The issue is related to a flaw in openjpeg's t2 encoder, which can cause a null pointer dereference when crafted input is processed. This can lead to application availability issues. The flaw is...

Szuray Video Encoder Firmware Command Injection (CVE-2020-24217)

A command injection vulnerability exists in Szuray Video Encoder Firmware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

Metasploit Wrap-Up

Keep your eyes peeled for another Metasploit CTF We hosted our third Annualish Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annualish Metasploit CTF by year’s end...

Adobe Media Encoder < 14.5 Arbitrary Code Execution (APSB20-65)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 14.5. It is, therefore, affected by a vulnerability as referenced in the APSB20-65 advisory. - Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that...

CVE-2020-24423

Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2020-24423

Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Design/Logic Flaw

Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2020-24423 Uncontrolled Search Path in Adobe Media Encoder for Windows

Adobe Media Encoder version 14.4 and earlier for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...