AZL-62354 CVE-2024-47602 affecting package gstreamer1 1.20.0-2

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer in th...

UBUNTU-CVE-2024-47602

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer in th...

Amazon Linux 2022 : libsndfile, libsndfile-devel, libsndfile-utils (ALAS2022-2022-026)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-026 advisory. An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linke...

The vulnerability of the HDMI-codec component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the HDMI-codec component in the Linux operating system’s kernel is related to errors in reading beyond the buffer memory boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons-Codec version less than 1.13

Summary A vulnerability has been identified in Apache Commons-Codec version less than 1.13, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details IBM X-Force ID: 177835...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to Apache Commons Codec (177835)

Summary IBM Sterling B2B Integrator uses Apache Commons Codec. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

The vulnerabilities of the Linux kernel functions wcd938x_set_swr_port() and wcd938x_get_swr_port(), which allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the functions wcd938xsetswrport and wcd938xgetswrport in the Linux kernel’s sound/soc/codecs/wcd938x.c module are related to memory writing beyond the bounds of the allocated buffer. Exploiting these vulnerabilities could allow a remote attacker to compromise the...

CVE-2024-35369

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...

CVE-2024-35369

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...

PT-2024-26463 · FFmpeg +2 · Ffmpeg +2

Name of the Vulnerable Software and Affected Versions: FFmpeg version n6.1.1 Description: A potential security issue exists in FFmpeg due to insufficient validation of certain parameters when parsing Speex codec extradata. This could lead to integer overflow conditions, resulting in undefined...

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

Astra Linux – Vulnerability in libvpx

There are integer overflows in the libvpx library in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may lead to integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpximaget struct may become invali...

CVE-2024-8025

Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that...

CVE-2024-8025

Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that...

CVE-2024-8025 Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that...

CVE-2024-8025 Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that...

CVE-2024-8025

CVE-2024-8025 affects Nikon NEF Codec, in the NRW file parsing path. The flaw is a heap-based buffer overflow caused by missing validation of user-supplied data length before copying into a heap buffer, enabling Remote Code Execution . Exploitation requires user interaction (the target must visit...

Nikon NEF Codec 安全漏洞

Nikon NEF Codec is a codec module from Nikon Japan. A security vulnerability exists in Nikon NEF Codec that originates from the failure to properly validate the length of user-supplied data before copying it to a heap-based buffer. An attacker could exploit the vulnerability to execute arbitrary...

The vulnerability of the vcodec component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the vcodec component in the Linux operating system’s kernel is related to the lack of memory re-initialization after its use in the vdechevcSliceInit function. Exploiting this vulnerability can allow an attacker to cause a service failure...

UBUNTU-CVE-2024-50266

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HWCTRLTRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on the Lenovo ThinkPad X13s, for example, when streaming video in firefox: videoccmvs0clk status stuck at...