CVE-2020-9777

An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail...

UBUNTU-CVE-2019-20628

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gfm2tsprocesspmt in mediatools/mpegts.c that can cause a denial of service via a crafted MP4 file...

The vulnerability in the Google Chrome browser’s WebRTC implementation allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the Google Chrome browser’s WebRTC implementation arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the animation reproduction function in Blender’s software for creating 3D computer graphics is caused by a full-integer overflow, allowing an attacker to execute arbitrary code.

The vulnerability of the animation reproduction function in Blender’s 3D computer graphics software is caused by a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created AVI file...

The vulnerability of the mp4ff_read_stco function (common/mp4ff/mp4atom.c) in the Freeware Advanced Audio Decoder 2 (FAAD2) allows a hacker to trigger a service denial.

The vulnerability of the mp4ffreadstco function common/mp4ff/mp4atom.c in the Freeware Advanced Audio Decoder 2 FAAD2 audio decoder is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure using a...

CVE-2019-11931

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions...

The vulnerability of the MP4 demultiplexer in the VideoLAN VLC media player software allows a hacker to execute arbitrary code or trigger a service denial.

The vulnerability of the MP4 demultiplexer in the VideoLAN VLC media player software is related to errors in checking the length of string containers. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or trigger a service denial-of-service attack using a specially...

The vulnerability of Google Chrome browsers, related to the use of uninitialized values, allows attackers to access confidential data.

The vulnerability of Google Chrome relates to the use of uninitialized values, which can lead to the retrieval of arbitrary data contained in the kernel’s memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data when a specially crafted video file is sent...

CVE-2019-9719

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

CVE-2019-9720

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

Stack overflow

DISPUTED A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence o...

Format string

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

CVE-2019-9720

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf...

CVE-2019-9720

CVE-2019-9720 affects Libav 12.3: a stack-based buffer overflow in the subtitle decoder due to incorrect use of snprintf in libavcodec/srtdec.c (srt_to_ass). Exploitation via a crafted Matroska video file can corrupt the stack. No explicit remediation details are given in the provided documents; ...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

DEBIAN-CVE-2019-14776

A heap-based buffer over-read exists in DemuxInit in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file...

VLC < 3.0.8 Multiple Vulnerabilities

The version of VLC media player installed on the remote Windows host is prior to 3.0.8. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in the modules/demux/mp4/mp4.c component of VLC Player. An unauthenticated, remote attacker can exploit this, by...