38 matches found
CVE-2026-43222
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...
MiracleLinux 9 : gstreamer1-plugins-bad-free-1.22.1-2.el9_3 (AXSA:2023-7048:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7048:03 advisory. gstreamer: AV1 codec parser heap-based buffer overflow CVE-2023-44429 gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has...
EUVD-2023-48769
Malicious code in bioql PyPI...
Ubuntu: Security Advisory (USN-7558-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : gstreamer-plugins-bad (openSUSE-SU-2024:0305-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0305-1 advisory. Adding references for already fixed vulnerability: - CVE-2023-50186: Fixed heap-based buffer overflow in the AV1 codec parser ZDI-CAN-22300,...
[SECURITY] [DLA 3881-1] aom security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3881-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 07, 2024 https://wiki.debian.org/LTS -...
CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-44429
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-44429
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-50186
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-44429
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-44429 GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-44429
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
MGASA-2024-0119 Updated gstreamer1.0 packages fix vulnerability
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9 It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation...
Updated gstreamer1.0 packages fix vulnerability
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9 It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation...
openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:4875-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: gstreamer1-plugins-bad-free
Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5970 NOTE: Fixed by:...
Important: gstreamer1-plugins-bad-free
Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5970 NOTE: Fixed by:...
Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2024-2454)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2454 advisory. GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE:...
gstreamer: AV1 codec parser heap-based buffer overflow
A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation...