10 matches found
CVE-2026-35203
ZLMediaKit's VP9 RTP payload parser (ext-codec/VP9Rtp.cpp) reads multiple fields from the RTP payload based on flag bits in the first byte without verifying enough data, allowing a crafted 1-byte VP9 payload (0xFF, all flags set) to read past the buffer end and trigger a heap-buffer-overflow. The...
CVE-2026-35203
ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...
EUVD-2026-17494
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
CVE-2026-34235 PJSIP: Heap OOB read in VPX unpacketizer
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
CVE-2026-34235 PJSIP: Heap OOB read in VPX unpacketizer
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
PJSIP 缓冲区错误漏洞
PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP 2.17, there was a buffer error vulnerability. This vulnerability stemmed from the VP9 RTP...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...
Google WebRTC VP9 Out-of-Bounds Memory Access Vulnerability
WebRTC, whose name derives from the acronym Web Real-Time Communication, is a technology that supports real-time voice or video conversations in web browsers. A security vulnerability exists in Google WebRTC VP9. An attacker can exploit the vulnerability to cause Chrome to crash. The vulnerabilit...
Google Chrome - size-limit value denial of service vulnerability
Google Chrome is a web browser developed by the American company Google Google. A denial of service vulnerability exists in Google Chrome - size-limit value. It allows remote attackers to launch denial-of-service attacks via crafted VP9 video data...