CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVE-2019-25645 WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function ...

CVE-2019-25645

CVE-2019-25645 affects WinAVI iPod/3GP/MP4/PSP Converter 4.4.2. A denial-of-service condition arises when processing malformed AVI files; specially crafted AVI payloads with an oversized buffer can be loaded via the Convert to iPhone function to crash the application. Impact is local, with no con...

CVE-2019-25617

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter...

PT-2026-26777

Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

CVE-2026-2921 GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending o...

GStreamer 输入验证错误漏洞

GStreamer is an open-source framework for processing streaming media. GStreamer has a vulnerability related to input validation, which stems from a lack of verification of the data provided by users when handling palette data in AVI files. This vulnerability may lead to integer overflow and remot...

PT-2026-31526

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description An integer overflow issue exists in the Media component of Google Chrome. Successful exploitation of this issue could allow a remote attacker to cause a denial-of-service through a...

PT-2026-31528

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description An integer overflow exists in the Media browser component of Google Chrome. Successful exploitation could allow a remote attacker to cause a denial-of-service through a specially crafte...

CVE-2025-70299

A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted AVI file...

CVE-2025-70303

CVE-2025-70303 concerns GPAC v2.4.0, where the uncv_parse_config() function is vulnerable to a heap overflow (CNVD and Red Hat listings corroborate as a DoS risk). Exploitation involves processing a crafted MP4 file, leading to denial of service. Connected sources consistently describe a DoS outc...

Astra Linux – Vulnerability in Chromium

The use of after-free in Storage in Google Chrome before version 141.0.7390.65 allowed a remote attacker to execute arbitrary code through a crafted video file. Chromium security severity: High...

CVE-2022-42846

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination...

CVE-2024-41206

A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file...

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

CVE-2025-15003

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file adminvideo.php. Performing a manipulation of the argument eid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CVE-2025-15003

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file adminvideo.php. Performing a manipulation of the argument eid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CVE-2025-15003 SeaCMS admin_video.php sql injection

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file adminvideo.php. Performing a manipulation of the argument eid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CLSA-2025-1764688338 gstreamer1-plugins-good: Fix of CVE-2024-47537

CVE-2024-47537: qtdemux: fix integer overflow when allocating the samples table for fragmented MP4...

CVE-2025-65406

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted MKV file...