CVE-2015-6821

The ffmpvcommoninit function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted MPEG data...

UBUNTU-CVE-2015-6825

The ffframethreadinit function in libavcodec/pthreadframe.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via a crafted file, as demonstrated by an A...

CVE-2015-6825

FFmpeg vulnerability CVE-2015-6825 affects libavcodec/pthread_frame.c, where ff_frame_thread_init mishandles certain memory-allocation failures, enabling remote attackers to trigger a denial of service via a crafted AVI file (invalid pointer access). The issue is documented across multiple source...

CVE-2015-6826

CVE-2015-6826 affects FFmpeg’s libavcodec/rv34.c: the function ff_rv34_decode_init_thread_copy does not initialize certain structure members, which can allow a remote attacker to trigger a denial of service (invalid pointer access) or other impact via crafted RealVideo data (RV30 or RV40). The vu...

CVE-2015-6826

The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...

php: invalid pointer free() in phar_tar_process_metadata()

An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

php security update

5.3.3-46 - fix gzfile accept paths with NUL character 1213407 - fix patch for CVE-2015-4024 5.3.3-45 - fix more functions accept paths with NUL character 1213407 5.3.3-44 - soap: missing fix for 1222538 and 1204868 5.3.3-43 - core: fix multipart/form-data request can use excessive amount of CPU...

php: invalid pointer free() in phar_tar_process_metadata()

An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

php: invalid pointer free() in phar_tar_process_metadata()

An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

CentOS Update for openssl CESA-2015:0716 centos7

Check the version of openssl SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882147";...

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for ea...

openssl: invalid pointer use in ASN1_TYPE_cmp()

An invalid pointer use flaw was found in OpenSSL's ASN1TYPEcmp function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)

The remote Solaris system is missing necessary patches to address security updates : - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service infinite loop via vectors related to the 1 ANSI MAP, 2 ASF, 3 IEEE 802.11, 4 IEEE 802.3, and 5 LTP...

CVE-2014-9221

CVE-2014-9221 affects strongSwan’s IKEv2 KE handling with DH group 1025, causing a NULL pointer dereference and potential denial of service. Public details in connected advisories confirm the flaw exists in strongSwan 4.5.x–5.2.x (before 5.2.1) and can crash the IKE daemon on receiving a crafted ...

CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service invalid pointer dereference via a crafted IKEv2 Key Exchange KE message with Diffie-Hellman DH group 1025...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

UBUNTU-CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

Null pointer dereference

kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted application...