Lucene search

3143 matches found

Prion
added 2020/05/11 4:15 p.m. · 15 views

Code injection

An issue was discovered on Samsung mobile devices with O8.X, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 May 2020...

CVSS 6.8 · AI score 8 · EPSS 0.00461
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/05/11 3:39 p.m. · 50 views

CVE-2020-12751

CVE-2020-12751 affects Samsung mobile devices running O(8.X), P(9.0), and Q(10.0). The Quram image codec library is vulnerable to memory overwrite via crafted JPEG data during decoding, enabling arbitrary code execution on impact. Public sources (NVD, Red Hat, CNVD, and related CVE records) consi...

CVSS 7.8 · AI score 7.9 · EPSS 0.00461
Exploits 0 · References 1 · Affected Software 1
OSV
added 2020/05/06 5:15 p.m. · 3 views

CVE-2020-8899

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...

CVSS 9.8 · AI score 8.1 · EPSS 0.05711
Exploits 2 · References 4
IBM Security Bulletins
added 2020/05/04 7:57 p.m. · 14 views

Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential information disclosure id 177835

Summary: Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. Vulnerability Details: Third Party Entry: 177835 DESCRIPTION: Apache...

AI score 1.3
Exploits 0 · Affected Software 1
BDU FSTEC
added 2020/04/14 12:0 a.m. · 5 views

The vulnerability of the lavc_CopyPicture function in the VideoLAN VLC media player software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the lavc_CopyPicture function (module/codec/avcodec/video.c) of the VideoLAN VLC media player application is a memory buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...

CVSS 10 · AI score 7.5 · EPSS 0.0357
Exploits 1 · References 12 · Affected Software 5
Veracode
added 2020/04/10 12:55 a.m. · 27 views

Arbitrary Code Execution

libvpx is vulnerable to arbitrary code execution. An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially-crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx such as Totem, would...

CVSS 9.8 · AI score 5.4 · EPSS 0.04569
Exploits 1 · References 16 · Affected Software 1
Veracode
added 2020/04/08 3:25 a.m. · 42 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service (DoS). The vulnerability exists because it was possible to send large data for compression, causing large buffer allocation sizes in the client JVM...

CVSS 7.5 · AI score 3.1 · EPSS 0.09438
Exploits 0 · References 82 · Affected Software 31
Gentoo Linux
added 2020/03/26 12:0 a.m. · 39 views

libvpx: User-assisted execution of arbitrary code

Background: libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description: Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a...

CVSS 7.5 · AI score 4.9 · EPSS 0.05092
Exploits 0
Positive Technologies
added 2020/02/28 12:0 a.m. · 5 views

PT-2021-6495 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4 Description: The issue is related to a heap buffer overflow in the mc chroma function of the libde265 video codec implementation for h.265. This can be exploited by a remote attacker using a specially crafted file,...

CVSS 9.8 · AI score 6.7 · EPSS 0.0202
Exploits 46 · References 188
Positive Technologies
added 2020/02/25 12:0 a.m. · 13 views

PT-2020-6587

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...

CVSS 9.1 · AI score 8.2 · EPSS 0.99999
Exploits 28 · References 832
vulnersOsv
added 2020/02/21 6:55 p.m. · 3 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +29658 more potentially affected by CVE-2019-20444 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.43.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

CVSS 9.1 · AI score 6.8 · EPSS 0.08678
Exploits 1
CNVD
added 2020/02/18 12:0 a.m. · 2 views

Cisco TelePresence Collaboration Endpoint Path Traversal Vulnerability

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint (CE) are both products of the U.S. company Cisco. Cisco RoomOS Software is a set of automated management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisco...

CVSS 9 · AI score 6.8 · EPSS 0.08453
Exploits 0 · References 1
ATTACKERKB
added 2020/02/13 12:0 a.m. · 23 views

CVE-2019-13962 avcodec lavc_CopyPicture Heap Buffer Overflow

VLC media player is a free and open-source portable cross-platform media player software developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS, iPadOS, Tizen, Windows 10 Mobile, and Windows Phone. It is also available on digit...

CVSS 9.8 · EPSS 0.0357
Exploits 1 · References 1
Prion
added 2020/02/07 5:15 a.m. · 40 views

Buffer overflow

Buffer over-read of codec private data while parsing an MKV file, due to a missing buffer-size check before the read, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVSS 9.4 · AI score 9.1 · EPSS 0.00876
Exploits 0 · References 1
CVE
added 2020/02/07 5:0 a.m. · 104 views

CVE-2019-14057

CVE-2019-14057 is a buffer over-read in the codec private data while parsing MKV files, triggered by missing buffer-size validation during read in Qualcomm Snapdragon platforms (including Snapdragon Auto/Compute/Connectivity, IoT variants, and related SoCs such as APQ8xxx, SDM/SM series). Root ca...

CVSS 9.4 · AI score 9.1 · EPSS 0.00876
Exploits 0 · References 1 · Affected Software 1
Fedora
added 2020/02/02 1:53 a.m. · 34 views

[SECURITY] Fedora 30 Update: openjpeg2-2.3.1-4.fc30

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profile-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...

CVSS 7.5 · AI score 4.4 · EPSS 0.04932
Exploits 1
Veracode
added 2020/01/31 12:35 a.m. · 58 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists as it improperly handles whitespaces in the Transfer-Encoding, and the Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...

CVSS 7.5 · AI score 0.9 · EPSS 0.08415
Exploits 2 · References 24 · Affected Software 244
vulnersOsv
added 2020/01/30 12:0 p.m. · 5 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +325 more potentially affected by CVE-2020-35902 via actix-codec (>=0.1.2 <=0.2.0)

actix-codec CARGO version =0.1.2, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 - actix-diesel-actor =0.1.1 and more Source cves: CVE-2020-35902 Source advisory: OSV:RUSTSEC-2020-0049...

CVSS 9.8 · AI score 7.2 · EPSS 0.01629
Exploits 1
Veracode
added 2020/01/30 4:36 a.m. · 35 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not properly validate duplicate Content-Length header fields and the Transport-Encoding headers, allowing a remote attacker to smuggle an HTTP request by submitting a malicious Transport-Encoding header...

CVSS 9.1 · AI score 3 · EPSS 0.13474
Exploits 1 · References 92 · Affected Software 4
Positive Technologies
added 2020/01/29 12:0 a.m. · 4 views

PT-2020-6487 · FFmpeg +4

Name of the Vulnerable Software and Affected Versions: ffmpeg versions prior to 4.3 Description: The issue is related to the tty demuxer in the FFmpeg library, which did not have a read probe function assigned to it. This can be exploited by crafting a legitimate "ffconcat" file that references a...

CVSS 9.8 · AI score 5.8 · EPSS 0.0269
Exploits 37 · References 223