293 matches found
[SECURITY] [DSA 5753-1] aom security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5753-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...
Debian dsa-5753 : aom-tools - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5753 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5753-1 [email protected] https://www.debian.org/security/ Moritz...
UBUNTU-CVE-2024-43831
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpudecinit to ensure the decoder vsi is valid for future use...
libde265: Multiple Vulnerabilities
Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
UBUNTU-CVE-2024-42228
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value size when calling amdgpuvcecsreloc Initialize the size before calling amdgpuvcecsreloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential null pointer dereference issue in the media:mtk-vcodec component in the SCP...
PT-2024-30693
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns handling an invalid decoder vsi in the vpu dec init function to ensure the decoder vsi is valid for future use. This is related to the media: mediatek: vcodec componen...
UBUNTU-CVE-2024-35921
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...
PT-2024-14773
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the MediaTek vcodec driver in the Linux kernel. The mtk vcodec mem free function is mostly called when the buffer to free exists, but there are instances where th...
Libde265 安全漏洞
Libde265 is a German h.265 video codec. A security vulnerability exists in Libde265 version v1.0.12, which originates from a denial of service when the allocation size exceeds the maximum supported 0x10000000000...
ROS-20240408-03
Vulnerability of derivatespatiallumavectorprediction function of h.265 Libde265 video codec implementation is related to with the ability to write beyond buffer boundaries in memory. Exploiting the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity an...
ROS-20240405-07
Vulnerability in slicesegmentheader function of Libde265 video codec implementation is related to copying the buffer without checking the input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240402-13
Vulnerability in picparameterset::dump function of h.265 Libde265 video codec implementation is related to multiple buffer overflows via numtilecolumns and numtilerow parameters. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of service...
USN-6659-1: libde265 vulnerabilities
It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-43244, CVE-2022-43249, CVE-2022-43250,...
dav1d Input Validation Error Vulnerability
dav1d is an AV1 cross-platform decoder from the individual developers at Void². A security vulnerability exists in dav1d versions prior to 1.4.0, which stems from an integer overflow vulnerability in the AV1 decoder...
USN-6627-1: libde265 vulnerabilities
It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241,...
USN-6617-1: libde265 vulnerabilities
It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and...
PT-2024-6079 · Gstreamer +5 · Gstreamer +5
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.22.9 Description: This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of tile list data within AV1-encoded video files...
[SECURITY] [DLA 3699-1] libde265 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3699-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 30, 2023 https://wiki.debian.org/LTS -...
gstreamer: AV1 codec parser heap-based buffer overflow
A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation...