EUVD-2026-37189

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0155

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

DEBIAN-CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

CVE-2026-52718

GStreamer AV1 parser vulnerability in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization and potential crash. A remote user could trigger an assertion abort by opening a crafted AV1 ...

EUVD-2026-17729

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument npresentations leads to heap-based buffer overflow. The attack needs to be performed...

CVE-2026-5236

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument npresentations leads to heap-based buffer overflow. The attack needs to be performed...

CVE-2026-5235

The vulnerability CVE-2026-5235 affects Axiomatic Bento4 (up to version 1.6.0-641). It targets MP4 File Parser, specifically AP4_BitReader::ReadCache in Ap4Dac4Atom.cpp, causing a heap-based buffer overflow. Exploitation is local and the exploit has been publicly disclosed. Details on affected pr...

OSV-2025-788 Heap-buffer-overflow in int arrow::bit_util::BitReader::GetBatch<int>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=447480433 Crash type: Heap-buffer-overflow READ 8 Crash state: int arrow::bitutil::BitReader::GetBatch auto arrow::util::RleBitPackedDecoder::GetBatch std::1::pair arrow::util::R...

UBUNTU-CVE-2022-43038

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4BitReader::ReadCache function in mp42ts...

Out-of-bounds

In ReadLittleEndian of rawbitreader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

UBUNTU-CVE-2019-15047

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4BitReader::SkipBits at Core/Ap4Utils.cpp...