libvpx: Multiple Vulnerabilities

Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

WebM Project WebP Image Library Installed (Windows)

Binary data webmprojectwebpimagelibrarywininstalled.nbin...

WebM Project WebP Image Library Installed (Linux)

Binary data webmprojectwebpimagelibrarynixinstalled.nbin...

WebM Project WebP Image Library (libwebp) < 1.3.2 Vulnerability

The version of WebM Project WebP Image Library libwebp installed on the remote host is prior to 1.3.2. It is, therefore, affected by a vulnerability: - Heap buffer overflow in libwebp prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a specially crafted...

gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution...

gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution...

SUSE CVE-2010-4489

libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service out-of-bounds read via a crafted WebM video. NOTE: this vulnerability exists because of a regression...

SUSE CVE-2014-1578

The gettile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly execute arbitrary code via WebM frames with invalid tile sizes that are...

SUSE CVE-2015-4485

Heap-based buffer overflow in the resizecontextbuffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data...

SUSE CVE-2015-4486

The decreaserefcount function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via malformed WebM video data...

SUSE CVE-2015-4511

Heap-based buffer overflow in the nesteggtrackcodecdata function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video...

SUSE CVE-2015-6761

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

SUSE CVE-2018-6406

The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...

Getting the correct HTML codecs parameter for an AV1 video

This post is mostly for my own reference, but I couldn't find a good guide elsewhere, so here we go! I wanted to embed a screencast in a web page, and I wanted it to be as efficient as possible. To achieve this, I created two version of the video, and embedded it like this: The MP4 version uses t...

CVE-2022-1924

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVE-2022-1923

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVE-2022-1922

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...

USN-5637-1: libvpx vulnerability

It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service...

USN-5637-1 libvpx vulnerability

It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service...

OESA-2022-1736 gstreamer1-plugins-good security update

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...