527 matches found
MAL-2024-1571 Malicious code in asf-recorder (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0170c1a6080f641f60e56118c5047b047d529133a2aa949043ed62e0bac90488 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RHEL 6 : exempi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - exempi: Use after free via a PDF file containing JPEG data CVE-2017-18234 - An issue was discovered in...
PT-2024-40722 · Exiv2 · Exiv2
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the Exiv2::AsfVideo::GUIDTag::GUIDTag, Exiv2::AsfVideo::streamProperties, and...
exiv2 -- Out-of-bounds read in AsfVideo::streamProperties
Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0, so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is triggered when Exiv2 is used to read the...
Fedora: Security Advisory for apache-commons-pool (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: apache-commons-pool-1.6-37.fc40
The goal of Pool package is it to create and maintain an object instance pooling package to be distributed under the ASF license. The package should support a variety of pool implementations, but encourage support of an interface that makes these implementations interchangeable...
PT-2023-26864 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.0 through 5.5 Description: A stack buffer overflow vulnerability discovered in AsfSecureBootDxe allows attackers to run arbitrary code execution during the DXE phase. Recommendations: For versions 5.0 through 5.5, conside...
Oracle Linux 7 : GStreamer (ELSA-2017-2060)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2060 advisory. clutter-gst2 2.0.18-1 - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: 1386833 gnome-video-effects 0.4.3-1 -...
[SECURITY] Fedora 38 Update: loudgain-0.6.8-13.fc38
loudgain is a versatile ReplayGain 2.0 loudness normalizer, based on the EBU R128/ITU BS.1770 standard -18 LUFS and supports FLAC/Ogg/MP2/MP3/MP4/M4A/ALAC/Opus/ASF/WMA/WAV/WavPack/AIFF/APE audio files. It uses the well-known mp3gain commandline syntax but will never modify the actual audio data...
Fedora: Security Advisory for loudgain (FEDORA-2023-a5e10b188a)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE CVE-2004-1285
Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...
SUSE CVE-2006-0579
Multiple integer overflows in 1 the newdemuxpacket function in demuxer.h and 2 the demuxasfreadpacket function in demuxasf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this informati...
SUSE CVE-2006-1502
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via 1 a certain ASF file handled by asfheader.c that causes the asfdescrambling function to be passed a negative integer after the conversion from a char t...
SUSE CVE-2012-2392
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service infinite loop via vectors related to the 1 ANSI MAP, 2 ASF, 3 IEEE 802.11, 4 IEEE 802.3, and 5 LTP dissectors...
SUSE CVE-2014-1684
The ASFReadObjectfileproperties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service divide-by-zero error and crash via a zero minimum and maximum data packet size in an ASF file...
SUSE CVE-2017-14223
In libavformat/asfdecf.c in FFmpeg 3.3.3, a DoS in asfbuildsimpleindex due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
SUSE CVE-2017-18236
An issue was discovered in Exempi before 2.4.4. The ASFSupport::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASFSupport.cpp allows remote attackers to cause a denial of service infinite loop via a crafted .asf file...
SUSE CVE-2018-1999011
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asfo format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be...
SUSE CVE-2019-14535
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file...
SUSE CVE-2019-14534
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack...