CVE-2026-46470

CVE-2026-46470 affects GStreamer gst-plugins-good before 1.28.2. The isomp4 plugin’s qtdemux_audio_caps does not sufficiently validate atom data when parsing MP4 audio tracks, enabling a denial of service via integer division by zero. Public docs from NVD/SUSE/Debian/ALPINE indicate the issue and...

EUVD-2026-30347

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

SUSE-SU-2026:0780-1 Security update for tracker-miners

This update for tracker-miners fixes the following issues: - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. - CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607. -...

CVE-2025-55100 Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...

EUVD-2025-10079

Malicious code in bioql PyPI...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2025 Release 1, which originates from an out-of-bounds read when parsing audi...

SUSE CVE-2021-40826

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine...

About the security content of tvOS 15.2

About the security content of tvOS 15.2 This document describes the security content of tvOS 15.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVE-2021-30960

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

CVE-2021-30963

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

CVE-2021-30959

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

Apple iOS 和 iPadOS 缓冲区错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS and iPadOS Audio, which arises from parsing maliciously crafted audio fil...

WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8

Description A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. WordPress used an audio parsing library called ID3 that was affected by an XML External Entity XXE vulnerability affecting PHP versions 8 and above. Thi...

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd Exploit

mediaserverd has various media parsing responsibilities; its reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is com.apple.audio.AudioFileServer, a fairly simple XPC service which will parse...

UBUNTU-CVE-2018-14589

An issue has been discovered in Bento4 1.5.1-624. AP4Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read...

Memory Override Access Vulnerability in QQ Music Client

QQ Music client is Tencent's music playback software. A memory override access vulnerability exists in the qmpmp3.dll module of the QQ Music client when parsing a specific mp3, which can be exploited by an attacker to cause a denial of service...

DEBIAN-CVE-2016-10198

The gstaacparsesinksetcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted audio file...

flash vulnerabilities:CVE-2 0 1 5-3 1 1 3 and CVE-2 0 1 5-3 0 4 3 comparison-vulnerability warning-the black bar safety net

Before we talk about Flash Player out-of-band data out-of-band problem, which consists of a Adobe release number for APSB-1 5-1 4-in. Now the Flash Player update to 1 8. 0. 0. 1 9 4 in. Our current defect analysis revealed: CVE-2 0 1 5-3 1 1 3 impact similar to the CVE-2 0 1 5-3 0 4 3 in. Are in...

Xine multiple security vulnerabilities

5 buffer overflows in real Audio parsing, vulnerabilities in mng, mod, qt, matroska formats handling...