Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 CVSS score: 9.8, a critical integer overflow vulnerability in WhatsApp that results in the...

Critical WhatsApp vulnerabilities patched: Check you've updated!

WhatsApp has fixed two remote code execution vulnerabilities in its September update, according to its security advisory. These could have allowed an attacker to remotely access a device and execute commands from afar. These versions of WhatsApp are affected by at least one of the vulnerabilities...

Vulnerabilities fixed in WhatsApp

Two vulnerabilities have been fixed in WhatsApp. The vulnerability with reference CVE-2022-36934 allows a remote malicious person to able to execute arbitrary code during a video call. The vulnerability with attribute CVE-2022-27492 allows a remote malicious person to remotely able to execute...

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

Integer overflow

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

PT-2022-18452 · Meta · Whatsapp

Name of the Vulnerable Software and Affected Versions: WhatsApp affected versions not specified Description: An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Recommendations: At the moment, there is no information about a newer version...

CVE-2022-34108

An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service DoS via a crafted image or video file...

CVE-2022-34108

An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service DoS via a crafted image or video file...

PT-2022-17789 · WordPress · All-In-One Video Gallery

Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery plugin for WordPress versions up to, and including 2.6.0 Description: The issue allows unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server via the dl...

CVE-2022-22059

Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

Memory corruption

Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

GStreamer 输入验证错误漏洞

GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer version 1.16.2, which is caused by an integer overflow in the avidemux element of the gstavidemuxinvert function, which allows heap overwriting when parsing avi files, and can be exploite...

The vulnerability of the mpeg_mux_write_packet function in the libavformat/mpegenc.c component of the FFmpeg multimedia library allows a attacker to cause a service failure.

The vulnerability of the mpegmuxwritepacket function in the libavformat/mpegenc.c component of the FFmpeg multimedia library relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to cause a service failure by using a specially created AVI file...

Samsung Video Player Privilege Mismanagement Vulnerability

Samsung Video Player is a built-in system video player application optimized for the Samsung Galaxy series from Samsung South Korea. A privilege mismanagement vulnerability exists in Samsung Video Player versions prior to 7.3.15.30, which stems from Samsung Video Player's faulty privilege...

CVE-2022-24927

Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission...

PT-2022-7269 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a segmentation violation via the apply sao internal function in sao.cc, which can be exploited to cause a Denial of Service DoS by using a crafted video file. This can be achieved by...

The vulnerability of Adobe Audition for Windows and macOS, related to reading data beyond the buffer in memory, allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of Adobe Audition for Windows and macOS relates to reading data beyond the buffer limit in memory. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and gain unauthorized access to protected information through a specially created MP4 file...

The vulnerability of the Adobe Media Encoder application, related to reading beyond the buffer in memory, allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the Adobe Media Encoder application relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and gain unauthorized access to protected information through a specially created MP4 file...