SUSE CVE-2017-9122

The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file...

SUSE CVE-2017-15672

The readheader function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read...

SUSE CVE-2018-6157

Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

SUSE CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

SUSE CVE-2018-6392

The filterslice function in libavfilter/vftranspose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service out-of-array access via a crafted MP4 file...

SUSE CVE-2018-6621

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

SUSE CVE-2018-12458

An improper integer type in the mpeg4encodegopheader function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

SUSE CVE-2018-12459

An inconsistent bits-per-sample value in the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

SUSE CVE-2018-13304

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studioprofile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to errorresilience.c, h263dec.c, and...

SUSE CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

SUSE CVE-2018-19129

In Libav 12.3, a NULL pointer dereference RIP points to zero issue in ffmpasynthfilterfloat in libavcodec/mpegaudiodsptemplate.c can cause a segmentation fault application crash via a crafted mov file...

SUSE CVE-2019-5818

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

SUSE CVE-2019-13602

An Integer Underflow in MP4EIA608Convert in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service heap-based buffer overflow and crash or possibly have unspecified other impact via a crafted .mp4 file...

SUSE CVE-2021-25803

A buffer overflow vulnerability in the vlcinputattachmentNew component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...

SUSE CVE-2022-2566

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in buildopengopkeypoints goes through all entries in the loop and adds sc-cttsdatai.count to sc-sampleoffsetscount. This can lead to an integer overflow resulting in a small allocation with avcalloc. An...

Amazon Linux 2022 : nginx, nginx-all-modules, nginx-core (ALAS2022-2023-270)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-270 advisory. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the...

Medium: nginx

Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memor...

CVE-2022-46694

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution...

CVE-2022-42846

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination...

CVE-2022-42846

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination...