libvpx: Double-free in libvpx encoder

A flaw was found in libvpx. A double-free issue can occur in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...

OESA-2025-1377 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

The vulnerability of the encoding library for generating video streams with the libx264 library in the FFmpeg multimedia library lies in improper code generation control. This allows attackers to execute arbitrary code.

The vulnerability of the encoding library for generating video streams with the libx264 library in the FFmpeg multimedia library is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created AAC file...

The vulnerability of the libavcodec library for encoding and decoding audio and video files in the FFmpeg multimedia library allows a perpetrator to cause a service failure.

The vulnerability of the libavcodec library, which is used for encoding and decoding audio and video files in the FFmpeg multimedia library, relates to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...

PT-2025-25819

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue was related to the video device for the MPEG encoder not setting device caps, which prevented the video device from being...

CVE-2025-27091

OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence...

SUSE CVE-2024-5197

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

UBUNTU-CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVE-2024-36615

The CVE-2024-36615 entry concerns FFmpeg n7.0: a race condition in the VP9 decoder that can cause a data race if video encoding parameters are exported, with side data attached in the decoder thread while read in the output thread. Connected sources (Debian DLA-4440 and OpenSUSE/SUSE advisories) ...

USN-6983-1 ffmpeg vulnerability

Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code...

USN-6983-1: FFmpeg vulnerability

Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code...

OESA-2024-1877 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An integer overflow...

DEBIAN-CVE-2024-32228

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevcframeend...

ROS-20240619-11

Vulnerability in imgallochelper function of libaom video encoding library is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafted data...

DEBIAN-CVE-2023-6349

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above...

DEBIAN-CVE-2024-35919

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...