CVE-2017-5024

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

UBUNTU-CVE-2017-5024

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

chromium-browser: heap overflow in ffmpeg

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2017-5024

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

Design/Logic Flaw

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

ALPINE-CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

RedHat Update for gstreamer1-plugins-bad-free RHSA-2017:0021-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : gstreamer-plugins-bad-free (RHSA-2016:2974)

An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Legal Robot: S3 ACL misconfiguration

Summary: Legal Robot's s3 bucket legalrobot.com is misconfigured. The ACL allows me to access and copy all files. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to delete any files as I did not want to go too far and affect your operations. Ste...

UBUNTU-CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

ffmpeg memory leak vulnerability

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams. Under the LGPL or GPL license. It provides a complete solution for recording, converting, and streaming audio and video. A memory leak vulnerability exists in avireadheader in...

The vulnerability of the FFmpeg multimedia library, which allows a intruder to trigger a service failure or cause other effects

The vulnerability of the apngencodeframe and encodeapng functions in the FFmpeg multimedia library is due to buffer overflow. Exploiting this vulnerability can allow an attacker to cause service interruptions or other effects by using a specially created .avi file...

FFmpeg Denial of Service Vulnerability (CNVD-2016-01129)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the libavcodec/pngenc.c file in FFmpeg versions prior to 2.8.5, which is caused by the program using incorrect line sizes during line calculations. The...

The vulnerability of the Windows operating system, allowing a hacker to read arbitrary files

The vulnerability of the Windows operating system is related to deficiencies in video file processing. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially crafted .mcl file...

ffmpeg -- remote attacker can access local files

Arch Linux reports: ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file — for example, KDE...

Mozilla Firefox-bit platforms integer overflow vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open-source web browser; Firefox ESR is an extended-support version of Firefox. libstagefright is one of the hard-coding support libraries. The MPEG4Extractor.cpp file in the...

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service incorrect memory allocation and application crash via an MP4 video...

CVE-2015-7213

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow...