GOM Media Player 2.1.37 Buffer Overflow Vulnerability

No description provided by source. Introduction: ============= GOM Player Gretech Online Movie Player is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. It is the primary client player for South Korean GOM-TV, and is more popular in South Kor...

FFmpeg及Libav 'libavcodec/wmalosslessdec.c'内存破坏漏洞

BUGTRAQ ID: 66057 CVECAN ID: CVE-2014-2098 FFmpeg是一个免费的可以执行音讯和视讯多种格式的录影、转档、串流功能的软件。 FFmpeg及Libav 2.1.4之前版本libavcodec/wmalosslessdec.c对某些系数使用了错误的数据结构大小，这可使远程攻击者通过特制的WMA数据，利用此漏洞造成拒绝服务（内存破坏）。 0 FFmpeg FFmpeg 2.1.4 厂商补丁： FFmpeg ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://ffmpeg.org/security.html...

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

Out-of-bounds

The msrledecodeframe function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Microsoft RLE video data...

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

CVE-2014-2099

FFmpeg vulnerability CVE-2014-2099: The msrle_decode_frame function in libavcodec/msrle.c does not correctly calculate line sizes, enabling remote attackers to trigger a denial of service via out-of-bounds array access with crafted Microsoft RLE video data. Affected software: FFmpeg before 2.1.4....

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

CVE-2014-2097

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

CVE-2014-2098

The CVE-2014-2098 issue affects FFmpeg: libavcodec/wmalosslessdec.c before 2.1.4 uses an incorrect data-structure size for certain coefficients, enabling memory corruption/denial of service via crafted WMA data. Affected product: FFmpeg (libavcodec). Root cause: incorrect coefficient data structu...

CVE-2012-6615

The ffasssplitoverridecodes function in libavcodec/asssplit.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a subtitle dialog without text...

Out-of-bounds

The movtextdecodeframe function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service out-of-bounds read and crash via crafted 3GPP TS 26.245 data...

CVE-2012-6616

The CVE-2012-6616 issue affects FFmpeg’s mov_text_decode_frame in libavcodec/movtextdec.c prior to 1.0.2, enabling remote attackers to trigger an out-of-bounds read and crash via crafted 3GPP TS 26.245 data. Multiple advisories (Debian, UBUNTU, Red Hat, NVD, CVE.org, OSV, Nessus) reference this f...

CVE-2012-6615

CVE-2012-6615 affects FFmpeg prior to 1.0.2. The vulnerability is in the function ff_ass_split_override_codes (libavcodec/ass_split.c), where processing a subtitle dialog without text can trigger a NULL pointer dereference, leading to denial of service (crash). This is a remote issue with network...

CVE-2013-4358

libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service crash via vectors related to alternating bit depths in H.264 data...

CVE-2013-4358

CVE-2013-4358 affects FFmpeg, specifically the libavcodec/h264.c path, with vulnerable code present in FFmpeg before 0.11.4. The issue allows remote attackers to trigger a denial of service (crash) via vectors related to alternating bit depths in H.264 data. Documents indicate a bug in FFmpeg’s H...

CVE-2013-7024

The jpeg2000decodetile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 dat...

CVE-2013-7014

Integer signedness error in the addbytesl2c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted PNG data...

DEBIAN-CVE-2013-7009

The rpzadecodestream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Apple RPZA data...

Out-of-bounds

The getsiz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 data...

Out-of-bounds

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 data...