PT-2020-6487 · FFmpeg +4 · Ffmpeg +4
Name of the Vulnerable Software and Affected Versions: ffmpeg versions prior to 4.3 Description: The issue is related to the tty demuxer in the FFmpeg library, which did not have a read probe function assigned to it. This can be exploited by crafting a legitimate "ffconcat" file that references a...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint API xAPI of Cisco TelePresence Collaboration Endpoint CE Software, Cisco TelePresence Codec TC Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is...
CVE-2019-14017
Heap buffer overflow can occur while parsing an invalid MKV clip which is not standard and has invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,...
openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)
This update for ffmpeg-4 fixes the following issues : ffmpeg-4 was updated to version 4.0.5, fixes boo1133153 - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service out-of-array access or possibly have...
(0Day) Microsoft Windows Media Player Mpeg Audio Codec Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1
Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1 Summary This article describes a platform update for Windows 7 Service Pack 1 SP1 and Windows Server 2008 R2 SP1. This update improves the range and performance of the following graphics and imaging components: Direct2D DirectWrite...
The vulnerability of Google Chrome’s VP8 component, which allows a hacker to trigger a service failure
The vulnerability of Google Chrome’s VP8 codec is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using a specially created video file...
[SECURITY] [DLA 2012-1] libvpx security update
Package : libvpx Version : 1.3.0-3+deb8u2 CVE ID : CVE-2019-9232 CVE-2019-9433 Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232 There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no addition...
RTK IIS Codec Service 6.4.10041.133 - (RtkI2SCodec) Unquote Service Path Vulnerability
Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Exploit Author: chuyreds Vendor Homepage: https://www.realtek.com/en/ Software Link: https://support.hp.com/mx-es/drivers/selfservice/hp-spectre-13-4000-x360-convertible-pc/7527520/model/7835502?sku=K8N38LA...
RTK IIS Codec Service 6.4.10041.133 - RtkI2SCodec Unquote Service Path
RTK IIS Codec Service 6.4.10041.133 - RtkI2SCodec Unquote Service Path Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Google Dork: N/A Date: 2019-11-11 Exploit Author: chuyreds Vendor Homepage: https://www.realtek.com/en/ Software Link:...
The vulnerability of the Dirac and Schrodinger codecs in the VideoLAN VLC media player software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Dirac and Schrodinger codecs in the VideoLAN VLC media player software lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause system failures...
DEBIAN-CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filterfv at IW44EncodeCodec.cpp...
CVE-2019-10541
Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W,...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...
Denial Of Service (DoS)
netty-codec-http is vulnerable to denial of service. An IndexOutOfBoundsException occurs when the application parses an incorrect Content-Type value that starts with a semicolon (;) in a multipart form request, allowing an attacker to cause a denial of service condition...
CVE-2019-9347
In the m4vh263 codec, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109891727...
CVE-2019-9338
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111762686...
CVE-2019-9283
In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112663564...