3142 matches found
Heap-based Buffer Overflow
jasper is vulnerable to a heap-based buffer overflow. A remote attacker could exploit the flaw by allocating inadequate sizes to the buffer, causing denial of service. The affected component is JPC Codec...
Denial Of Service (DoS)
libjasper.so is vulnerable to denial of service. A lack of domain checks for the ICT/RCT in the JPC codec allows an attacker to cause an unexpected application termination through reachable assertions...
[SECURITY] Fedora 30 Update: libmediainfo-18.12-3.fc30
This package contains the shared library for MediaInfo. MediaInfo supplies technical and tag information about a video or audio file. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio:...
Debian DSA-4405-1 : openjpeg2 - security update
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. - CVE-2017-17480 Write stack-based buffer overflow in the jp3d and jpwl codecs can result in a denial of service or...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by Apache Commons Codec open source library vulnerabilities
Summary: InfoSphere Data Replication has addressed the following vulnerabilities: CVE-2010-0001, CVE-2009-0001. Vulnerability Details: CVEID: CVE-2010-0001 DESCRIPTION: GNU gzip could allow a remote attacker to execute arbitrary code on the system caused by an integer underflow in the unlzw function...
skia/android_codec: Use-of-uninitialized-value in sse2::blit_row_s32a_opaque
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5678951362461696 Project: skia Fuzzer: libFuzzer_skia_android_codec Fuzz target binary: android_codec Job Type: libfuzzer_msan_skia Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...
Debian: Security Advisory (DLA-1614-1)
The remote host is missing an update for the Debian...
Debian DLA-1614-1 : openjpeg2 security update
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2018-6616 Excessive iteration in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-14423...
skia/android_codec: Use-of-uninitialized-value in sse2::blit_row_s32a_opaque
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5690776718147584 Project: skia Fuzzer: libFuzzer_skia_android_codec Fuzz target binary: android_codec Job Type: libfuzzer_msan_skia Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...
USN-3839-1: WavPack vulnerabilities
It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19840, CVE-2018-19841...
CVE-2018-11261
Technical details about CVE-2018-11261 are not publicly provided in the supplied connected documents. Monitor for updates; no concrete affected products, versions, or fixes are confirmed in these sources.
CVE-2018-11261
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible use-after-free issue in the Media Codec process. Any application using codec service will be affected...
Design/Logic Flaw
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible use-after-free issue in the Media Codec process. Any application using codec service will be affected...
CVE-2018-19530
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19531
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
HTTL Remote Command Execution Vulnerability (CNVD-2019-05940)
HTTL (also known as Hyper-Text Template Language) is an open-source Java template engine, mainly used for dynamic HTML page output. The 'decodeXml' function in HTTL 1.0.11 and earlier versions has a security vulnerability that stems from the fact that when configured with...
JasPer Null Pointer Dereference Vulnerability (CNVD-2019-00809)
JasPer is an open-source implementation of the JPEG-2000 codec/decoder developed by Canadian software developer Michael Adams. A null pointer dereference vulnerability exists in the 'jp2_decode' function in the libjasper/jp2/jp2dec.c file in version 2.0.14 of JasPer, which can be exploited by an attacke...
[SECURITY] [DLA 1579-1] openjpeg2 security update
Package: openjpeg2 Version: 2.1.0-2+deb8u5 CVE ID: CVE-2017-17480 CVE-2018-18088 Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2017-17480 Write stack buffer overflow due to missing buffer length formatter in fscanf call (jp3d and jpwl codecs)...
Libav Denial of Service Vulnerability (CNVD-2019-23073)
Libav (formerly FFmpeg) is the Libav team's cross-platform solution for recording and converting audio and video, which includes the libavcodec encoder. A denial of service vulnerability exists in the 'ff_vc1_parse_frame_header_adv' function of the vc1.c file in Libav version 12.3, which can be...