Lucene search

3024 matches found

Microsoft CVE
added 2019/11/12 8:00 a.m., 30 views

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user...

CVSS 9.3 | AI score 5.2 | EPSS 0.33652 | Exploits: 0

Talos
added 2019/11/12 12:00 a.m., 34 views

Microsoft Media Foundation CMP4MetadataHandler AddQTMetadata Code Execution Vulnerability

Summary: An exploitable use-after-free vulnerability exists in the mfmp4srcsnk.dll of Microsoft Media Foundation. A specially crafted QuickTime file can cause a Use-After-Free, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...

CVSS 9.3 | AI score 7.9 | EPSS 0.33652 | Exploits: 0

Tenable Nessus
added 2019/11/12 12:00 a.m., 34 views

EulerOS 2.0 SP5 : exempi (EulerOS-SA-2019-2143)

According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Exempi before 2.4.4. The ASFSupport::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASFSupport.cpp allows...

CVSS 5.5 | AI score 5.8 | EPSS 0.00873 | Exploits: 3 | References: 4

Tenable Nessus
added 2019/10/25 12:00 a.m., 28 views

Amazon Linux 2 : exempi (ALAS-2019-1321)

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. (CVE-2017-18233) An issue was discovered in Exempi before 2.4.3. It...

CVSS 7.8 | AI score 6.3 | EPSS 0.00873 | Exploits: 5 | References: 6

Amazon
added 2019/10/21 12:00 a.m., 25 views

Low: exempi

Issue Overview: An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. (CVE-2017-18233) An issue was discovered in Exempi...

CVSS 7.8 | AI score 6.8 | EPSS 0.00873 | Exploits: 5

RedhatCVE
added 2019/10/11 11:35 a.m., 18 views

CVE-2017-18238

An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files. An attacker could cause a denial of service via a crafted file...

CVSS 5.5 | AI score 2.2 | EPSS 0.00519 | Exploits: 1 | References: 1

Zero Day Initiative
added 2019/09/17 12:00 a.m., 30 views

QuickTime get_by_tree Memory Corruption Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioCodecs...

CVSS 5.3 | AI score 2 | EPSS 0.00679 | Exploits: 0 | References: 1

Cent OS
added 2019/08/30 2:45 a.m., 64 views

exempi security update

CentOS Errata and Security Advisory CESA-2019:2048. An update for exempi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

CVSS 7.8 | AI score 6.4 | EPSS 0.00873 | Exploits: 5 | References: 7

RedHat Linux
added 2019/08/06 1:56 p.m., 1 view

exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp

An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files. An attacker could cause a denial of service via a crafted file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00519 | Exploits: 1 | References: 4

Fedora
added 2019/05/25 3:36 a.m., 23 views

[SECURITY] Fedora 29 Update: mediainfo-19.04-1.fc29

MediaInfo CLI (Command Line Interface). What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio: codec, sample rate, channels, language, bitrate... Text: language of subtitle Chapters: number of...

CVSS 6.5 | AI score 3.2 | EPSS 0.02723 | Exploits: 2

Fedora
added 2019/05/25 3:36 a.m., 26 views

[SECURITY] Fedora 29 Update: libmediainfo-19.04-1.fc29

This package contains the shared library for MediaInfo. MediaInfo supplies technical and tag information about a video or audio file. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio:...

CVSS 6.5 | AI score 3 | EPSS 0.02723 | Exploits: 2

Fedora
added 2019/05/25 1:06 a.m., 23 views

[SECURITY] Fedora 30 Update: libmediainfo-19.04-1.fc30

This package contains the shared library for MediaInfo. MediaInfo supplies technical and tag information about a video or audio file. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio:...

CVSS 6.5 | AI score 3 | EPSS 0.02723 | Exploits: 2

Apple
added 2019/04/03 9:42 a.m., 65 views

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVSS 10 | AI score 0.7 | EPSS 0.7201 | Exploits: 20 | Affected Software: 5

Tenable Nessus
added 2019/01/07 12:00 a.m., 34 views

SUSE SLED15 / SLES15 Security Update : libraw (SUSE-SU-2019:0005-1)

This update for libraw fixes the following issues : Security issues fixed : The following security vulnerabilities were addressed : CVE-2018-5813: Fixed an error within the 'parseminolta' function dcraw/dcraw.c that could be exploited to trigger an infinite loop via a specially crafted file. This...

CVSS 7.1 | AI score 6.2 | EPSS 0.00622 | Exploits: 0 | References: 12

CNVD
added 2018/12/10 12:00 a.m., 0 views

LibRaw 'parse_qt()' function integer overflow vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW CRW/CR2, NEF, RAF, DNG and others format images. An integer overflow vulnerability exists in the 'parseqt' function in the internal/dcrawcommon.cpp file in LibRaw versions prior to 0.18.12. A remote attacker can exploit this...

CVSS 7.1 | AI score 9.1 | EPSS 0.00563 | Exploits: 0 | References: 1

OSV
added 2018/12/07 10:29 p.m., 1 view

DEBIAN-CVE-2018-5815

An integer overflow error within the "parseqt" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file...

CVSS 6.5 | AI score 6.8 | EPSS 0.00563 | Exploits: 0 | References: 1

OSV
added 2018/12/07 10:29 p.m., 23 views

CVE-2018-5815

An integer overflow error within the "parseqt" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file...

CVSS 6.5 | AI score 6.4 | Exploits: 0 | References: 5

NVD
added 2018/12/07 10:29 p.m., 15 views

CVE-2018-5815

An integer overflow error within the "parseqt" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file...

CVSS 7.1 | AI score 6 | EPSS 0.00563 | Exploits: 0 | References: 5

Prion
added 2018/12/07 10:29 p.m., 20 views

Integer overflow

An integer overflow error within the "parseqt" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file...

CVSS 7.1 | AI score 6 | EPSS 0.00563 | Exploits: 0 | References: 5 | Affected Software: 2

Cvelist
added 2018/12/07 10:00 p.m., 17 views

CVE-2018-5815

An integer overflow error within the "parseqt" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file...

AI score 6.2 | EPSS 0.00563 | Exploits: 0 | References: 5