DEBIAN-CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'readprobe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...

CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'readprobe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...

PT-2021-7714 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.8 Description: The issue is related to the insufficient use of the assert function in the sps.cc component of the libde265 h.265 video codec implementation. This can be exploited by a remote attacker using a specially...

CVE-2020-35979

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gprtpbuilderdoavc in ietf/rtppckmpeg4.c...

Fedora: Security Advisory for mediaconch (FEDORA-2021-3b67623d93)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the HEVC Video Extension codec, related to improper code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the HEVC Video Extension codec is related to improper code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

[SECURITY] Fedora 32 Update: mediainfo-20.09-1.fc32

MediaInfo CLI Command Line Interface. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio: codec, sample rate, channels, language, bitrate... Text: language of subtitle Chapters: number of...

RHEL 8 : libvpx (RHSA-2020:4629)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4629 advisory. The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimed...

libvpx security update

An update is available for libvpx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvpx packages provide the VP8 SDK, which allows the encoding and decodin...

USN-4199-2: libvpx vulnerabilities

USN-4199-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted We...

The vulnerability of the lavc_CopyPicture function in the VideoLAN VLC media player software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the lavcCopyPicture function module/codec/avcodec/video.c in the Media Player VideoLAN VLC application is related to a buffer overflow vulnerability in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...

PT-2021-6495 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4 Description: The issue is related to a heap buffer overflow in the mc chroma function of the libde265 video codec implementation for h.265. This can be exploited by a remote attacker using a specially crafted file,...

PT-2020-6487 · FFmpeg +4 · Ffmpeg +4

Name of the Vulnerable Software and Affected Versions: ffmpeg versions prior to 4.3 Description: The issue is related to the tty demuxer in the FFmpeg library, which did not have a read probe function assigned to it. This can be exploited by crafting a legitimate "ffconcat" file that references a...

CVE-2019-9338

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762686...

CVE-2019-13962

lavcCopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height...

CVE-2019-13962

lavcCopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height...

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

Fedora Update for mediaconch FEDORA-2019-7155125125

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 28 Update: mediaconch-18.03.2-7.fc28

MediaConch is an implementation checker, policy checker, reporter, and fixer that targets preservation-level audiovisual files specifically Matroska, Linear Pulse Code Modulation LPCM and FF Video Codec 1 FFV1. This project is maintained by MediaArea and funded by PREFORMA. This package includes...

Google Android Media framework APacketSource.cpp file remote code execution vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A buffer error vulnerability exists in MakeMPG4VideoCodecSpecificData in the APacketSource.cpp file in Android. The vulnerability stems from a networked system or product performing operations in...