
3141 matches found

Positive Technologies
added 2025/08/06 12:00 a.m. | 5 views

PT-2025-32016

Name of the Vulnerable Software and Affected Versions: versions affected versions not specified. Description: An out-of-bounds access issue exists in the audio codec module. Successful exploitation of this issue may affect system availability. Recommendations: At the moment, there is no informatio...

7.5 CVSS | 6.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 6

Cvelist
added 2025/08/05 2:33 p.m. | 9 views

CVE-2025-54874 OpenJPEG allows OOB heap memory write in opj_jp2_read_header

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

7.5 CVSS | 0.00599 EPSS
Exploits: 1 | References: 3

CVE
added 2025/08/05 2:33 p.m. | 104 views

CVE-2025-54874

OpenJPEG (JPEG 2000 codec) contains a vulnerability CVE-2025-54874: in OpenJPEG 2.5.1–2.5.3, a call to opj_jp2_read_header may cause an out-of-bounds heap write when the data stream is too short and p_image is not initialized. This is referenced across multiple security advisories and vendors (Ub...

9.8 CVSS | 6.1 AI score | 0.00599 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/08/05 2:33 p.m. | 6 views

CVE-2025-54874 OpenJPEG allows OOB heap memory write in opj_jp2_read_header

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

7.5 CVSS | 6.5 AI score | 0.00599 EPSS
Exploits: 1 | References: 5

Debian CVE
added 2025/08/05 2:33 p.m. | 7 views

CVE-2025-54874

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

9.8 CVSS | 7.8 AI score | 0.00599 EPSS
Exploits: 1

AlpineLinux
added 2025/08/05 2:33 p.m. | 7 views

CVE-2025-54874

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

9.8 CVSS | 6.6 AI score | 0.00599 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2025/08/05 12:00 a.m. | 5 views

PT-2025-31936

Name of the Vulnerable Software and Affected Versions: OpenJPEG versions 2.5.3 and earlier. Description: OpenJPEG is an open-source JPEG 2000 codec. A call to the opj_jp2_read_header function may lead to an out-of-bounds heap memory write when the data stream p_stream is too short and p_image is not...

9.8 CVSS | 7.5 AI score | 0.00599 EPSS
Exploits: 1 | References: 49

Amazon
added 2025/08/04 12:00 a.m. | 4 views

Medium: libvpx

Issue Overview: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. (CVE-2023-44488) A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. ...

7.5 CVSS | 9.5 AI score | 0.01936 EPSS
Exploits: 1

SUSE CVE
added 2025/07/30 11:22 p.m. | 4 views

SUSE CVE-2025-38423

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies. Driver gets regulator supplies in probe path with devm_regulator_bulk_get, so should not call regulator_bulk_free in error and remove paths to avoid double free...

4.4 CVSS | 6.5 AI score | 0.00152 EPSS
Exploits: 0 | References: 7

OSV
added 2025/07/29 1:38 p.m. | 3 views

RLSA-2025:8201 Important: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution...

8.8 CVSS | 9.3 AI score | 0.00708 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/07/28 12:00 a.m. | 2 views

PT-2025-40876

Name of the Vulnerable Software and Affected Versions: Versions prior to 8.0. Description: A heap-buffer-overflow can occur when decoding a frame for a SANM file ANIM v0 variant. Frames encoded with codec 48 can specify their resolution width x height, and a buffer is allocated based on this...

5.7 CVSS | 6.8 AI score | 0.00146 EPSS
Exploits: 0 | References: 13

OPENSUSE Linux
added 2025/07/26 12:00 a.m. | 2 views

Security update for gstreamer-plugins-bad (important)

openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2025:0229-1 Rating: important References: 1242809 Cross-References: CVE-2025-3887 CVSS scores: CVE-2025-3887 SUSE: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products...

8.6 CVSS | 7.7 AI score | 0.00708 EPSS
Exploits: 0 | References: 1

NVD
added 2025/07/25 3:15 p.m. | 5 views

CVE-2025-38423

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies. Driver gets regulator supplies in probe path with devm_regulator_bulk_get, so should not call regulator_bulk_free in error and remove paths to avoid double free...

7.8 CVSS | 0.00152 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2025/07/25 2:16 p.m. | 5 views

CVE-2025-38423

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies. Driver gets regulator supplies in probe path with devm_regulator_bulk_get, so should not call regulator_bulk_free in error and remove paths to avoid double free...

7.8 CVSS | 6.2 AI score | 0.00152 EPSS
Exploits: 0

OSV
added 2025/07/25 2:16 p.m. | 4 views

CVE-2025-38423 ASoC: codecs: wcd9375: Fix double free of regulator supplies

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies. Driver gets regulator supplies in probe path with devm_regulator_bulk_get, so should not call regulator_bulk_free in error and remove paths to avoid double free...

7.8 CVSS | 6.2 AI score | 0.00152 EPSS
Exploits: 0 | References: 6

CNNVD
added 2025/07/25 12:00 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in a double free of regulator supplies in the wcd9375 audio codec module, which could lead to memory corruption...

7.8 CVSS | 7.9 AI score | 0.00152 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/07/16 12:00 a.m. | 30 views

PT-2026-45416

Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A NULL pointer dereference exists in the gf_ac4_pres_b_4_back_channels_present function within the /media_tools/av_parsers.c file. This issue allows an attacker to cause a Denial of...

5.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 0 | References: 9

Positive Technologies
added 2025/07/14 12:00 a.m. | 13 views

PT-2026-45415

Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A NULL pointer dereference exists in the gf_odf_ac4_cfg_dsi_v1 function within the /odf/descriptors.c file. This issue allows an attacker to cause a Denial of Service (DoS), which is a...

5.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 0 | References: 9

BDU FSTEC
added 2025/07/14 12:00 a.m. | 5 views

The vulnerability of the MPEG-2 Video Extension codec in Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the MPEG-2 Video Extension codec in Microsoft Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS | 6.3 AI score | 0.00352 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2025/07/10 11:23 p.m. | 5 views

SUSE CVE-2025-38299

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY. ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY, in the case the codec dai_name will be null. Avoid a crash if the device tree is not assigning a codec to these links...

5.5 CVSS | 6.5 AI score | 0.00143 EPSS
Exploits: 0 | References: 12