EUVD-2011-2919

Malware in sbrugna...

CVE-2025-25467

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file...

CVE-2025-25467

CVE-2025-25467 affects libx264 (git master). The vulnerability is insufficient tracking and releasing of allocated used memory, enabling arbitrary code execution via a crafted AAC file. CVSSv3.1: 9.8 (CRITICAL), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Reported across multiple feeds; exact vu...

PT-2025-6966

Name of the Vulnerable Software and Affected Versions: FFmpeg git-master commit N-113007-g8d24a28d06 Description: A reachable assertion in FFmpeg allows attackers to cause a Denial of Service DoS via opening a crafted AAC file. Recommendations: For FFmpeg git-master commit N-113007-g8d24a28d06,...

Platform Update Supplement for Windows Vista and for Windows Server 2008

Platform Update Supplement for Windows Vista and for Windows Server 2008 INTRODUCTION The Platform Update Supplement for Windows Vista and for Windows Server 2008 is available. This update provides fixes and improvements to graphics, media foundation and print functionality in Windows Vista Servi...

[SECURITY] [DSA 4522-1] faad2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4522-1 [email protected] https://www.debian.org/security/ Hugo Lefeuvre September 15, 2019 https://www.debian.org/security/faq -...

PT-2018-14822 · FFmpeg · Libav

Name of the Vulnerable Software and Affected Versions: Libav version 12.3 Description: The issue is related to an invalid memory access in the vc1 decode frame function in libavcodec/vc1dec.c, which can be exploited by attackers to cause a denial-of-service via a crafted aac file. Recommendations...

Memory Corruption Vulnerability in Domi Music PC Client

Duo Mi Music PC client is a music player under Beijing Caiyun Online Technology Development Co. A memory corruption vulnerability exists in the DuoMi Music PC client when opening specific aac files, which can be exploited by attackers to cause a denial of service...

RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way...

CVE-2011-2951

Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted rawdataframe field in an AAC file...

CVE-2010-0125

RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors...

VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005)

VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability VUPEN-SR-2010-005 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "RealPlayer is a media player available to play, manage and download all your mp3, flash and video files" from...

Apple iTunes buffer overflow

Buffer overflow on MP4 / AAC files covr tag parsing...

Apple iTunes integer overflow

Inter overflow on AAC files parsing .M4A, .M4P with invalid samplesizetable value...