998 matches found
EUVD-2026-40743
Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Low...
EUVD-2026-40544
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-36912
A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36909
The CVE-2026-36909 affects MPC-BE (Aleksoid1978 MPC-BE) with a NULL pointer dereference in AP4_TkhdAtom::GetTrackId(), allowing DoS via a crafted MP4 file. Affected entity is MPC-BE before commit 4341cb3. Root cause: NULL pointer dereference in track ID retrieval. Impact: Denial of Service when p...
CVE-2026-36911
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
DEBIAN-CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...
CVE-2026-36907
Summary: CVE-2026-36907 is a stack overflow in the Bento4 toolkit (Apollo AXIOMATIC Bento4) within the AP4_StsdAtom component. Affected version(s): Bento4 before v1.8.9. Impact: Denial of Service (DoS) via a crafted MP4 file. Root cause: Stack overflow in AP4_StsdAtom when parsing MP4 metadata. R...
CVE-2026-12892
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...
EUVD-2026-38607
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...
EUVD-2025-210311
GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gfisomaddtrackkind function at isomedia/isomwrite.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...
CVE-2026-55447
Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...
Linux Distros Unpatched Vulnerability : CVE-2026-12706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the ffhevcputhevcepelpixels8sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a crafted video file...
Astra Linux – Vulnerability in Chromium
The use of after-free in Storage in Google Chrome before version 141.0.7390.65 allowed a remote attacker to execute arbitrary code through a crafted video file. Chromium security severity: High...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the putepel16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...