CVE-2017-2925
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution...
CVE-2017-2925
CVE-2017-2925 is an Adobe Flash Player memory corruption vulnerability in the JPEG XR codec affecting Flash Player 24.0.0.186 and earlier. Successful exploitation could enable arbitrary code execution on a remote host. The issue is one of multiple CVEs addressed in January 2017 Flash updates; mit...
PT-2017-1126 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 24.0.0.186 and earlier Description: The issue is related to a memory corruption vulnerability in the JPEG XR codec of Adobe Flash Player. This vulnerability can be exploited to achieve arbitrary code execution. The...
MS10-062: Vulnerability in MPEG-4 Codec could allow remote code execution
MS10-062: Vulnerability in MPEG-4 Codec could allow remote code execution. Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this...
MS10-055: Vulnerability in Cinepak codec could allow remote code execution
MS10-055: Vulnerability in Cinepak codec could allow remote code execution. Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this...
[SECURITY] Fedora 25 Update: flac-1.3.2-1.fc25
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
libjpeg-turbo: User-assisted execution of arbitrary code
Background: libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression. Description: The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to...
SUSE-SU-2016:3296-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc1010829) - CVE-2016-9809...
JasPer Denial of Service Vulnerability (CNVD-2016-12988)
JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. JasPer suffers from a denial of service vulnerability. An attacker could exploit this issue to cause a denial of service condition...
Asterisk Opus Codec DoS (AST-2016-008)
According to its SIP banner, the version of Asterisk running on the remote host is 13.12.x prior to 13.13.1 or 14.x prior to 14.2.1. It is, therefore, affected by a denial of service vulnerability in the Opus codec when handling SDP offer or answer requests due to improper parsing of format...
Denial Of Service (DoS)
netty-codec-http is vulnerable to denial of service (DoS) attacks. These attacks are possible because it does not respect the limit on the maximum HTTP header size: control characters are skipped indefinitely and the parsing never ends...
Code injection
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
CVE-2016-9937
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
CVE-2016-9937
CVE-2016-9937 affects Asterisk Open Source versions 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. When an SDP offer/answer contains Opus and parameters separated by spaces, the Opus SDP parser recurses and crashes, causing a denial of service. The issue is remote and unauthenticated,...
FreeBSD : asterisk -- Crash on SDP offer or answer from endpoint using Opus (9e6640fe-be3a-11e6-b04f-001999f8d30b)
The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-2.fc24
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...
[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-2.fc25
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...