96 matches found
VulnCheck KEV: CVE-2009-0084
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression...
CVE-2011-3947
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
CVE-2011-3947
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
Buffer overflow
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
CVE-2011-3947
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
CVE-2011-3947
CVE-2011-3947 describes a buffer overflow in mjpegbdec.c of FFmpeg/libavcodec that can be triggered by a crafted MJPEG-B file. Affected components/versions include FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x b...
CVE-2011-3947
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
Ubuntu 11.04 / 11.10 / 12.04 LTS : libav vulnerabilities (USN-1478-1)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user...
USN-1478-1: Libav vulnerabilities
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user...
ffmpeg library multiple security vulnerabilities
Multiple security vulnerabilities on Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV parsing...
CVE-2011-3947
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...
Windows媒体解压多个远程代码执行漏洞(MS10-033)
BUGTRAQ ID: 40464,40432 CVE ID: CVE-2010-1879,CVE-2010-1880 Windows是微软发布的非常流行的操作系统。 Windows中的多个多媒体处理组件在处理媒体文件时没有正确地解析其中的压缩数据,如果用户打开了特制的媒体文件,就可能允许远程代码执行。如果用户以管理权限登录,则成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft DirectX 9.0 Microsoft Media Format Runtime 9.5 x64 Microsoft Media Format Runtime 9.5 Microsoft...
CVE-2010-1880
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...
Design/Logic Flaw
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...
Microsoft DirectShow MJPEG Crafted Segments Code Execution (MS10-033; CVE-2010-1880)
Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. Audio Video Interleave AVI is a file type that is used with applications that capture, edit, and play back audio-video sequences. A remo...
Microsoft Windows media files parsing memroy corruption
Memory corruption on JPEG / MJPEG parsing...
ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-037 April 2, 2010 -- CVE ID: CVE-2010-0517 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointTM IPS Customer Protection:...
Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of...
Microsoft DirectX Crafted MJPEG Stream Handling Code Execution (MS08-033; CVE-2008-0011)
Microsoft DirectX is a software component which contains a set of APIs that provide access to graphics acceleration chips and sound cards and other types of media hardware. These APIs control low-level functions including graphics acceleration, support for input devices such as joysticks,...
Microsoft DirectX MJPEG视频解码远程代码执行漏洞(MS09-011)
BUGTRAQ ID: 34460 CVECAN ID: CVE-2009-0084 Microsoft DirectX是Windows操作系统中的一项功能,流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。 DirectX处理受支持格式文件的方式存在漏洞,如果用户受骗打开了特制的MJPEG文件就会导致执行任意代码。成功利用此漏洞的攻击者可以完全控制受影响的系统,攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft DirectX 9.0 Microsoft DirectX 8.1 临时解决方法:...