3143 matches found
GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published ...
CVE-2020-5413
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
CVE-2020-5413
CVE-2020-5413 affects Spring Integration Kryo-based (de)serialization. When Kryo is configured with default options, unregistered classes can be resolved on demand, enabling deserialization gadgets to execute malicious code during data intake. The provided connected documents confirm the issue an...
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
Posted by Mateusz Jurczyk, Project Zero. This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published a...
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
Posted by Mateusz Jurczyk, Project Zero. This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published ...
USN-4199-2: libvpx vulnerabilities
USN-4199-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted We...
Security Bulletin: Public disclosed vulnerability from Apache Commons Codec affects IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA
Summary: Public disclosed vulnerability from Apache Commons Codec affects IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected...
OpenJPEG Resource Management Error Vulnerability (CNVD-2021-22130)
OpenJPEG is a C-based open source JPEG2000 codec. A resource management error vulnerability exists in the jp2/opj_decompress.c file in OpenJPEG 2.3.1 and earlier versions. The vulnerability arises from mismanagement of system resources (e.g., memory, disk space, files, etc.) by a networked system o...
Low: Red Hat Security Advisory: AMQ Clients 2.7.0 Release
An update is now available for Red Hat AMQ Clients 2.7.0. Red Hat Product Security has rated this update as having a Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
DEBIAN-CVE-2020-14034
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet...
UBUNTU-CVE-2020-14034
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet...
CVE-2019-19721
VLC media player
DEBIAN-CVE-2020-11524
libfreerdp/codec/interleaved.c in FreeRDP versions 1.0 through 2.0.0-rc4 has an Out-of-bounds Write...
DEBIAN-CVE-2020-11521
libfreerdp/codec/planar.c in FreeRDP version 1.0 through 2.0.0-rc4 has an Out-of-bounds Write...
UBUNTU-CVE-2020-11521
libfreerdp/codec/planar.c in FreeRDP version 1.0 through 2.0.0-rc4 has an Out-of-bounds Write...
Samsung Qmage codec for Android Skia library does not properly validate image files
Overview: The Samsung Qmage codec used in the Android Skia library does not properly validate image files. A number of memory corruption vulnerabilities allow an attacker to execute arbitrary code by causing a vulnerable system to parse a Qmage file. Description: The Samsung May 2020 Android Securi...
CVE-2020-12751
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020)...