CVE-2018-5857

In the WCD CPE codec, a Use After Free condition can occur in all Android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the Linux kernel...

CVE-2018-5857

In CVE-2018-5857, the issue is a Use-After-Free in the WCD CPE codec used by CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) via the Linux kernel. The root cause is a memory management defect in wcd_cpe_core that can be triggered locally. The CVSS metrics indicate a Local ...

CVE-2018-5857

In the WCD CPE codec, a Use After Free condition can occur in all Android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the Linux kernel...

Google Android Qualcomm component remote code execution vulnerability (CNVD-2018-12662)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A remote code execution vulnerability exists in the Google Android Qualcomm component Hardware codec. A remote attacker could exploit this vulnerability to execute code...

Google Patches 11 Critical Android Bugs in June Update

Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...

Thinwire+ Support for H.264 Build-To-Lossless for transient content.

Introduction One of the features of Thinwire+ is “build to lossless” for transient content. This means that content such as3D or other moving imageryis initially displayed at low quality to improve frame rates and overall interactivity. Once user input has stopped, transient images are gradually...

The vulnerability of the Qualcomm Sound Codec component in the Android operating system allows a hacker to enhance their privileges and execute arbitrary code.

The vulnerability of the Qualcomm Sound Codec component in the Android operating system is related to insufficient access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code using a specially crafted application...

[SECURITY] Fedora 27 Update: flac-1.3.2-7.fc27

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

Debian DSA-4197-1 : wavpack - security update

Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution jessie is not affected. C Tenable Network Security, Inc. The descriptive text and packa...

[SECURITY] Fedora 28 Update: flac-1.3.2-7.fc28

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

[SECURITY] [DSA 4197-1] wavpack security updaze

------------------------------------------------------------------------- Debian Security Advisory DSA-4197-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2018 https://www.debian.org/security/faq -...

USN-3637-1: WavPack vulnerabilities

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. CVE-2018-10536, CVE-2018-10537 Thuan Pham, Marcel Böhme, Andrew...

DEBIAN-CVE-2017-6888

An error in the "readmetadatavorbiscomment" function src/libFLAC/streamdecoder.c in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

MS10-026: Vulnerability in Microsoft MPEG Layer-3 codec could allow remote code execution

MS10-026: Vulnerability in Microsoft MPEG Layer-3 codec could allow remote code execution Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 SP2. For more information,...

Denial Of Service (DoS) Through Stack Buffer Overflow

libtiff.so is vulnerable to denial of service DoS through stack-based buffer overflow. The vulnerability exists in the TIFFGetField function where a stack-based buffer overflow can occur, when parsing a tiff file, depending on whether a codec was enabled...

Google Android Media framework(libavc) security vulnerability

Android on Google Pixel and Nexus is a Linux-based open source operating system for Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, with the Media framework libavc as a framework for multimedia development. is a framework used for multimedia...

CVE-2016-10231

An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR1096799...

Privilege escalation

An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR1096799...

CVE-2016-10231

An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR1096799...

CVE-2016-10231

CVE-2016-10231 is an elevation-of-privilege vulnerability in the Qualcomm sound codec driver affecting the Android kernel. The issue could allow a local attacker with access to the device to execute code with kernel privileges. Public references in the connected records tie it to the Qualcomm sou...