CVE-2016-3827

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28816956...

CVE-2016-3830

codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service device hang or reboot via crafted ADTS data, aka internal bug 29153599...

openSUSE Security Update : vlc (openSUSE-2016-754)

This update for vlc to 2.2.4 to fix the following security issue : - CVE-2016-5108: Fix out-of-bound write in adpcm QT IMA codec boo984382. This also include an update of codecs and libraries to fix these 3rd party security issues : - CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap...

Security update for vlc (important)

This update for vlc to 2.2.4 to fix the following security issue: - CVE-2016-5108: Fix out-of-bound write in adpcm QT IMA codec boo984382. This also include an update of codecs and libraries to fix these 3rd party security issues: - CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap Informati...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the codecs/on2/enc/SoftVPXEncoder.cpp function in the libstagefright component of the mediaserver in the Android operating system is related to the lack of checks for the size of the OMX buffer. Exploiting this vulnerability can allow a malicious actor to enhance their...

CVE-2016-2451

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

Debian DLA-83-1 : ffmpeg update

This update to ffmpeg disables support for over 100 codecs, decoders, and formats that are rarely used nowadays, for which the support available in squeeze is most likely insufficient, etc. This update is only meant to reduce the attack surface. ffmpeg is otherwise unsupported in squeeze-lts, and...

DEBIAN-CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

UBUNTU-CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

Asterisk DoS

Crash on empty WebSocket frame. File descriptor leak on incompatible codecs...

AST-2015-001: File descriptor leak when incompatible codecs are offered

Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote Authenticated Sessions Severity Major Exploits Known No Reported On 6 January, 2015 Reported By Y Ateya...

FreeBSD : asterisk -- File descriptor leak when incompatible codecs are offered (2eeb6652-a7a6-11e4-96ba-001999f8d30b)

The Asterisk project reports : Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP...

asterisk -- File descriptor leak when incompatible codecs are offered

The Asterisk project reports: Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP por...

[SECURITY] [DLA 83-1] ffmpeg update

Package : ffmpeg Version : 4:0.5.10-1+deb6u1 This update to ffmpeg disables support for over 100 codecs, decoders, and formats that are rarely used nowadays, for which the support available in squeeze is most likely insufficient, etc. This update is only meant to reduce the attack surface. ffmpeg...

DLA-83-1 ffmpeg - update

Bulletin has no description...

Intel Video Codecs 5.0 - Remote Denial of Service Vulnerability

No description provided by source...

openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1)

Chromium was updated to 25.0.1343 - Security Fixes bnc791234 and bnc792154 : - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding -...

RealPlayer - '.3gp' File Processing Memory Corruption

source: https://www.securityfocus.com/bid/67434/info RealPlayer is prone to a memory-corruption vulnerability. An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible bu...

GLSA-201312-11 : Win32 Codecs: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201312-11 Win32 Codecs: User-assisted execution of arbitrary code A heap-based buffer overflow exists when handling Shockwave Flash files. Impact : A remote attacker could entice a user to open a specially crafted Flash file using...

Win32 Codecs: User-assisted execution of arbitrary code

Background Win32 Codecs is a set of Windows audio and video playback codecs. Description A heap-based buffer overflow exists when handling Shockwave Flash files. Impact A remote attacker could entice a user to open a specially crafted Flash file using a package linked against Win32 Codecs, possib...