The vulnerability of the sps.cc component in the h.265 Libde265 video codec implementation allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the sps.cc component in the h.265 video codec implementation by Libde265 is related to the insufficient use of the assert function. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and even cause service failures...

CVE-2023-21000

In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918...

Out-of-bounds

In A2DPBuildCodecHeaderSbc of a2dpsbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

PT-2023-17790 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible use after free in MediaCodec.cpp due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2023-17741 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible out of bounds write due to a missing bounds check in the A2DP BuildCodecHeaderSbc function of a2dp sbc.cc. This could lead to local information...

Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)

Summary IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835. The fixes include libthrift 0.17.0 & commons-codec version 1.15 Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION:...

Medium: libsndfile

Issue Overview: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read...

The vulnerability of the ff_hevc_put_hevc_epel_pixels_8_sse function (sse-motion.cc) in the h.265 Libde265 video codec implementation allows a attacker to cause a service failure.

The vulnerability of the ffhevcputhevcepelpixels8sse function sse-motion.cc in the H.265 Libde265 video codec implementation is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created file...

The vulnerability of the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc) in the h.265 video codec implementation by libde265, which allows a hacker to trigger a service failure.

The vulnerability of the ffhevcputweightedpredavg8sse function sse-motion.cc in the h.265 video codec implementation by libde265 is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to trigger a Denial-of-Service attack using the created input file...

The vulnerability of the `put_weighted_pred_8_fallback` function (fallback-motion.cc) in the implementation of the h.265 Libde265 video codec allows a perpetrator to trigger a service failure.

The vulnerability of the putweightedpred8fallback function in the fallback-motion.cc implementation of the h.265 Libde265 codec is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a service failure using a specially created input file...

The vulnerability of the mc_chroma function (motion.cc) in the h.265 Libde265 video codec implementation, which allows a hacker to cause a service failure.

The vulnerability of the mcchroma function in the h.265 Libde265 video codec implementation is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service failure by using a specially created file...

Amazon Linux 2 : libsndfile (ALAS-2023-1998)

The version of libsndfile installed on the remote host is prior to 1.0.25-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1998 advisory. An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially...

Medium: libsndfile

Issue Overview: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read...

Amazon Linux 2023 : libsndfile, libsndfile-devel, libsndfile-utils (ALAS2023-2023-028)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-028 advisory. An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linke...

CVE-2023-27600 OpenSIPS has vulnerability in the codec_delete_XX() functions

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...

CVE-2023-27596 OpenSIPS has vulnerability in the codec_delete_XX() functions

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the streamprocess function. This issue was discovered during coverage guided...

PT-2023-21236 · Opensips · Opensis

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.8 and 3.2.5 Description: OpenSIPS is a Session Initiation Protocol SIP server implementation. The issue arises when a malformed SDP body is sent multiple times to an OpenSIPS configuration that uses the stream...

[SECURITY] Fedora 38 Update: nv-codec-headers-12.0.16.0-1.fc38

FFmpeg version of headers required to interface with Nvidias codec APIs...

[SECURITY] Fedora 38 Update: ffmpeg-6.0-1.fc38

FFmpeg is a leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards...

PT-2025-49648

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ALSA subsystem, specifically within the ca0132 driver. The tuning ctl set function may experience a buffer overrun when the loop does not break du...