180 matches found
OESA-2026-2697 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An out-of-bounds write...
SUSE CVE-2026-56211
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-12026
The following flaw was identified in the Chromium browser: Out of bounds read Video. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517347084...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed a null reference during testing of fluster. When multiple instances are created or destroyed, many interrupts occur, and structures related to the decoder are removed. The struct vpuinstance...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in gaussianblur at libavfilter/vfedgedetect.c, which may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: Platform: MediTech: VPU: Fix for NULL pointer dereferencing If pdev is NULL, it is still dereferenced. This fixes the “match warning” in the following file: drivers/media/platform/mediatek/vpu/mtkvpu.c:570 – vpuloadfirmwar...
Astra Linux – Vulnerability in ffmpeg5
A vulnerability was discovered in FFmpeg up to version 7.0.1. It has been classified as critical. This issue affects the pnmDecodeFrame function in the /libavcodec/pnmdec.c library. The vulnerability causes a heap-based buffer overflow. The attack can be initiated remotely. The exploit has been...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - Media: MediTech: vcodec: Added a lock to protect the ctxlist variable, to prevent access to a NULL pointer within the vpudecipihandler function when the ctxlist has been deleted due to an unexpected behavior on the SCP IP...
CVE-2025-32436
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...
EUVD-2026-37208
In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Chromium: CVE-2026-10949 Heap buffer overflow in Video
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Astra Linux – Vulnerability in ffmpeg
In FFmpeg 4.4, the adtsdecodeextradata function in libavformat/adtsenc.c does not check the return value of initgetbits. This is a necessary step, as the second argument of initgetbits can be manipulated...
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
Posted by Seth Jenkins We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...
CVE-2026-6783
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6783
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
Scaling Your Media Workloads: Introducing Akamai’s New 8-Card VPU Plan
...
Chromium: CVE-2026-6302 Use after free in Video
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
vLLM is an inference and serving engine for large language models LLMs. From 0.7.0 to before 0.19.0, the VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...
CVE-2026-34755
vLLM's VideoMediaIO.load_base64("video/jpeg") path has an unbounded frame-splitting bug: data.split(",") bypasses the intended frame-count limit (default 32) used by the binary path, allowing a single request with thousands of comma-separated base64 JPEG frames. This can cause the server to decod...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the lack of permission verification for the overrideStatus parameter in the video processing...