[SECURITY] Fedora 21 Update: libvpx-1.3.0-7.fc21

libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide...

Mozilla Firefox and Firefox ESR 'nestegg_track_codec_data' heap buffer overflow vulnerability

Mozilla Firefox is an open source web browser. A buffer overflow vulnerability exists in Mozilla Firefox 'nesteggtrackcodecdata', which allows remote attackers to exploit specially crafted headers in WebM videos to crash an application or execute arbitrary code...

[SECURITY] Fedora 22 Update: libvpx-1.3.0-7.fc22

libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide...

DEBIAN-CVE-2015-4506

Buffer overflow in the vp9initcontextbuffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file...

KLA10672 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, spoof user interface, impact local files, execute arbitrary code or obtain sensitive information. Below...

FreeBSD : ffmpeg -- multiple vulnerabilities (3d950687-b4c9-4a86-8478-c56743547af8)

NVD reports : The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact v...

[SECURITY] Fedora 23 Update: libvpx-1.4.0-5.fc23

libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide...

FFmpeg ff_sbr_apply Denial of Service Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability in the 'ffsbrapply' function in the libavcodec/aacsbr.c file in versions of FFmpeg prior to 2.7.2 stems from the failure of the program to check for matching Spectr...

DEBIAN-CVE-2015-6826

The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...

CVE-2015-6823

The allocatebuffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted Apple Lossless Audio Codec ALAC data...

CVE-2015-6823

The vulnerability CVE-2015-6823 affects FFmpeg’s libavcodec/alac.c:allocate_buffers, where uninitialized context data can be used by crafted ALAC data to trigger a denial of service (segmentation fault) or other impact. This originates from FFmpeg before 2.7.2 failing to initialize certain pointe...

Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec

Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec Source: https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately and:...

Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec

Source: https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately and: http://localhost/LoadMP4.swf?file=crash4000368.flv If there is no crash at first, refresh...

[SECURITY] Fedora 23 Update: flac-1.3.1-5.fc23

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

[SECURITY] Fedora 21 Update: flac-1.3.1-5.fc21

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

[SECURITY] Fedora 22 Update: flac-1.3.1-5.fc22

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

BlackBerry Link < 1.2.3.53 Codec Demux Arbitrary Code Execution

The remote host has a version of BlackBerry Link installed that is prior to version 1.2.3.53. Therefore, it is affected by an arbitrary code execution vulnerability in the codec demux. A remote attacker can exploit this, via crafted MP4 file, to execute arbitrary code. C Tenable Network Security,...

Design/Logic Flaw

mcdemuxmp4ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file...

CVE-2015-4111

mcdemuxmp4ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file...

BlackBerry Link Codec Demux MP4 Handling Arbitrary Code Execution Vulnerability

BlackBerry Link is software that centralizes the management of devices, whether it's updating, synchronizing or switching to a new device. A security vulnerability in the handling of MP4 files by the BlackBerry Link codec demux component allows remote attackers to exploit the vulnerability to...