ALPINE-CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

SeaCMS cross-site scripting vulnerability (CNVD-2018-19743)

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site scripting vulnerability exists in the adminvideo.php file in SeaCMS version 6.64. A remote attacker can exploit this vulnerabilit...

CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

chromium-browser: Heap buffer overflow in WebRTC

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2018-6157

Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2018-6155

Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

PT-2018-12476 · Mp4V2 · Mp4V2

Name of the Vulnerable Software and Affected Versions: MP4v2 version 2.0.0 Description: The issue arises from a type confusion in the MP4Atom::factory function within mp4atom.cpp, where MP4ItemAtom is used instead of the required MP4DataAtom. This confusion occurs when handling a crafted MP4 file...

UBUNTU-CVE-2018-14326

In MP4v2 2.0.0, there is an integer overflow with resultant memory corruption when resizing MP4Array for the ftyp atom in mp4array.h...

CVE-2018-13302

In FFmpeg 4.0.1, improper handling of frame types other than EAC3FRAMETYPEINDEPENDENT that have multiple independent substreams in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or...

DEBIAN-CVE-2018-13301

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...

CVE-2018-13303

In FFmpeg 4.0.1, a missing check for failure of a call to initgetbits8 in the avprivac3parseheader function in libavcodec/ac3parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...

chromium-browser: Use of uninitialized memory in WebRTC

Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

CVE-2018-6132

Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

DEBIAN-CVE-2017-2906

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

UBUNTU-CVE-2017-2907

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

UBUNTU-CVE-2017-2906

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

DEBIAN-CVE-2018-10001

The decodeinit function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via an AVI file...

Exempi Denial of Service Vulnerability (CNVD-2018-06684)

Exempi is an open source implementation of XMP based on the Adobe XMP SDK. A security vulnerability exists in the Chunk class of the XMPFiles/source/FormatSupport/RIFF.cpp file in versions of Exempi prior to 2.4.4. A remote attacker can exploit this vulnerability to cause a denial of service...

UBUNTU-CVE-2017-18233

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service infinite loop via crafted XMP data in a .avi file...