CVE-2017-6997

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic...

CVE-2017-0594

CVE-2017-0594 affects Android Mediaserver’s Mediaserver component, specifically codecs/aacenc/SoftAACEncoder2.cpp in libstagefright. The issue is an elevation of privilege vulnerability that could allow a local malicious application to execute arbitrary code within the context of a privileged pro...

UBUNTU-CVE-2017-8906

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.4, as used by the x265encoderencode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in th...

CVE-2017-8906

CVE-2017-8906 describes an integer underflow in pixel-a.asm (planeClipAndMax) in MulticoreWare x265 up to version 2.4, as used by x265_encoder_encode in libbpg and other products. A small image can trigger the underflow, leading to a Denial of Service during encoding. The connected documents also...

jasper: use-after-free / double-free in JPC encoder

A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

ImageMagick Memory Leak Vulnerability

ImageMagick is the United States ImageMagick Studio, Inc. of a set of open source image processing software, the software can read, convert, write a variety of formats. A memory leak vulnerability in the function named ReadICONImage in the encoder icon.c in ImageMagick version 7.0.5-5 allows remo...

UBUNTU-CVE-2017-8419

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service stack-based buffer overflow or heap-based buffer overflow or possibly have unspecified other impact via a crafted file, as demonstrated by...

openSUSE Security Update : ffmpeg (openSUSE-2017-524)

This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed : - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response boo1022920 - CVE-2016-1019...

libav denial of service vulnerability (CNVD-2017-04274)

Libav formerly FFmpeg is Libav team's set of cross-platform audio and video can be recorded, converted to a solution, which includes a libavcodec encoder. A denial of service vulnerability exists in libav. An attacker can exploit this vulnerability to cause a denial of service...

ImageMagick Double Release Vulnerability

ImageMagick is a free software for creating, editing, and compositing images.The use of most of ImageMagick's features comes from the command line tools. A double-release vulnerability in encoder/ tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service applicatio...

[SECURITY] Fedora 25 Update: python-cjson-1.1.0-9.fc25

This module implements a very fast JSON encoder/decoder for Python. JSON stands for JavaScript Object Notation and is a text based lightweight data exchange format which is easy for humans to read/write and for machines to parse/generate. JSON is completely language independent and has multiple...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

Vulnerability alert: JPEG 2 0 0 0 a vulnerability to execute arbitrary code-a vulnerability warning-the black bar safety net

Vulnerability number CVE-2 0 1 6-8 3 3 2 TALOS-2 0 1 6-0 1 9 3 Affected version OpenJpeg openjp2 2.1.1 Vulnerability description Recently, Cisco's Talos security team disclosed a JPEG 2 0 0 0 of a zero-day exploit, the vulnerability can execute arbitrary code. OpenJPEG is an open-source JPEG 2 0 ...

Mozilla Firefox and Firefox ESR Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A heap buffer overflow vulnerability exists in the Mozilla Firefox and Firefox ESR 'nsBMPEncoder::AddImageFrame' function, which allows remote attackers to construct a malicious WEB page that can...

UBUNTU-CVE-2016-5278

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image...

l0l - The Exploit Development Kit

l0l a exploit development kit. with C++ language scripting. Yet, are being developed. Then the beta version will be published. Status Shellcodes : 5 Injectors : 0 Encoders : 0 Backdoors : 6 Install - Requirements : g++ and Python. $ make or, l0l.cpp compile the file.. Exp: $ g++ -o l0l l0l.cpp Ru...

Android on Nexus Qualcomm Component Privilege Acquisition Vulnerability (CNVD-2016-06250)

Android on Nexus 7 is an open source Linux-based operating system for the Nexus 7 smartphone developed by Google and the Open Handset Alliance OHA.Qualcomm is one of the Qualcomm components used in the Qualcomm devices. Qualcomm is a Qualcomm component used in one of Qualcomm's devices. A...

UBUNTU-CVE-2014-9880

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 2013 devices does not validate VENIOCTLGETSEQUENCEHDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm intern...