Ubuntu: Security Advisory (USN-4199-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4199-1: libvpx vulnerabilities

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

USN-4199-1 libvpx vulnerabilities

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

Mozilla Firefox ESR < 31.2 Multiple Vulnerabilities

Binary data 701248.prm...

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. A heap-based buffer overflow in the nesteggtrackcodecdata function allows a remote attacker to execute arbitrary code via a WebM video containing a malicious header...

Fedora 28 : webkit2gtk3 (2018-509fc4a5c8)

This update addresses the following vulnerability : - CVE-2018-4345 This update brings the following changes : - Many improvements and fixes for video playback with media source extensions MSE, which improve the user experience across the board, and in particular for playback of WebM videos. - Fi...

UBUNTU-CVE-2018-19212

In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser that will lead to a DoS attack...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free. A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its...

libwebm 'ParseVP9SuperFrameIndex' function heap buffer out-of-bounds read and out-of-bounds write vulnerabilities

libwebm is an open source network media file codec library . A security vulnerability in the 'ParseVP9SuperFrameIndex' function in the common/libwebmutil.cc file in libwebm on 2018-01-30 and prior versions stems from the program's failure to validate the childframelength data of .webm files. A...

CVE-2018-6406

The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...

CVE-2018-6406

The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...

UBUNTU-CVE-2018-6406

The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...

Memory Corruption Vulnerability Exists in Video Pioneer PC (CNVD-2017-34298)

Video Pioneer is a software that can play video and audio online based on P2P Cloud 3D technology, supporting multiple streaming protocols, multiple audio and video formats. A memory corruption vulnerability exists in the Pioneer Player when parsing special webm files, which can be exploited by...

Memory corruption vulnerability exists in Xunlei Video (CNVD-2017-34313)

Xunlei Video is a product of Xunlei company a video and audio playback software. A memory corruption vulnerability exists in Xunlei Video Player when parsing certain webm files, which can be exploited by attackers to cause a denial of service attack or execute arbitrary code...

Memory Corruption Vulnerability in QQ Video

QQ Video is a local player from Tencent that supports movie and music files in any format. A memory corruption vulnerability exists in QQ Video Player when parsing certain format webm files, which can be exploited by attackers to cause a denial of service attack...

Buffer Overflow Vulnerability in Baidu Video

Baidu Video is a new experience player newly launched by Baidu. It supports video and audio files in mainstream media formats and realizes local playback and online on-demand playback. A buffer overflow vulnerability exists in Baidu AV player when parsing videos in a particular webm format. An...

Google Chrome webm video uninitialized memory access vulnerability

Google Chrome is a popular web browser. An uninitialized memory access vulnerability in Google Chrome webm video allows remote attackers to exploit the vulnerability to construct a malicious web page and trick users into parsing it, which can crash the application or execute arbitrary code...

Denial Of Service (DoS)

FFmpeg is vulnerable to denial of service DoS attacks and possibly other attacks. A malicious user can pass a malicious WebM file to create race conditions in the system that can lead to the system crashing...

Debian Security Advisory DSA 3776-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue...

Debian DSA-3776-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. - CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. - CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting...