3024 matches found

PyPA
added 2024/02/12 11:15 p.m., 5 views

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVSS 5.5 | AI score 6.4 | EPSS 0.00015
Exploits: 0 | References: 2 | Affected Software: 1

PyPA
added 2024/02/12 11:15 p.m., 6 views

PYSEC-2024-106

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are no...

CVSS 5.5 | AI score 6.4 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/02/12 12:0 a.m., 3 views

PT-2024-20592

Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.28.0 through v0.28.1. Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in the QuickTimeVideo::NikonTagsDecod...

CVSS 9.8 | AI score 6.2 | EPSS 0.01101
Exploits: 3 | References: 35

RedHat Linux
added 2023/05/09 10:1 a.m., 3 views

gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVSS 7.8 | AI score 6.1 | EPSS 0.00046
Exploits: 1 | References: 4

OSV
added 2023/03/16 12:21 a.m., 2 views

USN-5958-1 ffmpeg vulnerabilities

It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-3109, CVE-2022-3341 It...

CVSS 8.1 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 6

Tenable Nessus
added 2023/03/16 12:0 a.m., 110 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg vulnerabilities (USN-5958-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5958-1 advisory. It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cau...

CVSS 8.1 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 6:15 a.m., 2 views

SUSE CVE-2006-2458

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asfreadheader function in the ASF plugin (plugins/asfextractor.c), and (2) the parsetrakatom function in the QT plugin (plugins/qtextractor.c)...

CVSS 4 | AI score 8.2 | EPSS 0.30953
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:5 a.m., 1 view

SUSE CVE-2009-0386

Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime medi...

CVSS 9.3 | AI score 8.4 | EPSS 0.11725
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:5 a.m., 1 view

SUSE CVE-2009-0387

Array index error in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample aka stss atom da...

CVSS 9.3 | AI score 7.9 | EPSS 0.17875
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:5 a.m., 1 view

SUSE CVE-2009-0398

Array index error in the gstqtptrakhandler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file...

CVSS 9.3 | AI score 7 | EPSS 0.00674
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 6:5 a.m., 1 view

SUSE CVE-2009-0397

Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...

CVSS 9.3 | AI score 8.4 | EPSS 0.13566
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 5:26 a.m., 1 view

SUSE CVE-2014-7908

Multiple integer overflows in the CheckMov function in media/base/containernames.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data...

CVSS 7.5 | AI score 9.6 | EPSS 0.01513
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:5 a.m., 2 views

SUSE CVE-2016-2399

Integer overflow in the quicktimereadpascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom...

CVSS 7.8 | AI score 7.5 | EPSS 0.00893
Exploits: 5 | References: 7

SUSE CVE
added 2023/02/15 5:1 a.m., 2 views

SUSE CVE-2016-5108

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file...

CVSS 9.8 | AI score 8.2 | EPSS 0.20819
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9122

The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file...

CVSS 5.3 | AI score 6.7 | EPSS 0.06817
Exploits: 3 | References: 13

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9125

The lqtframeduration function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file...

CVSS 5.3 | AI score 6.9 | EPSS 0.02879
Exploits: 2 | References: 5

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9124

The quicktimematch32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file...

CVSS 4.3 | AI score 6.7 | EPSS 0.07643
Exploits: 3 | References: 5

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9127

The quicktimeuseratomsreadatom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file...

CVSS 4.3 | AI score 7.1 | EPSS 0.02879
Exploits: 2 | References: 5

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9128

The quicktimevideowidth function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file...

CVSS 4.3 | AI score 6.9 | EPSS 0.02879
Exploits: 2 | References: 13

SUSE CVE
added 2023/02/15 4:42 a.m., 2 views

SUSE CVE-2017-12145

In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00334
Exploits: 0 | References: 3