Libav Heap Buffer Over Read Vulnerability
Libav is a set of open source, cross-platform tools and libraries for audio and video processing, providing conversion, manipulation and streaming of various multimedia formats and protocols. A heap buffer over-read vulnerability exists in decodeframe in libavcodec/lcldec.c in Libav 12.3, which...
UBUNTU-CVE-2018-19130
DISPUTED In Libav 12.3, there is an invalid memory access in vc1decodeframe in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127...
UBUNTU-CVE-2018-19128
In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file...
PT-2018-14822 · FFmpeg · Libav
Name of the Vulnerable Software and Affected Versions: Libav version 12.3 Description: The issue is related to an invalid memory access in the vc1 decode frame function in libavcodec/vc1dec.c, which can be exploited by attackers to cause a denial-of-service via a crafted aac file. Recommendations...
DEBIAN-CVE-2018-19107
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file...
Exiv2 integer overflow vulnerability (CNVD-2019-07086)
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability in Exiv2::IptcParser::decode in iptc.cpp in Exiv2 0.26 can be exploited by an attacker to cause a denial of service via specially crafted PSD image files...
CVE-2018-19107
Exiv2 0.26 contains a vulnerability in Exiv2::IptcParser::decode (iptc.cpp) triggered when processing crafted PSD images via PSD reader (psdimage.cpp), causing a heap-based buffer over-read due to an integer overflow. This CVE-2018-19107 entry is corroborated by multiple advisories listing Exiv2 ...
GHSA-VGRX-W6RG-8FQF Forgeable Public/Private Tokens in jwt-simple
Affected versions of the jwt-simple package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT, the end result ...
CVE-2018-9444
In ih264dvideodecode of ih264dapi.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
DEBIAN-CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018...
openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()
An issue was discovered in Open vSwitch (OvS) 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 where the decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. A specially craft...
lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.30. It is, therefore, affected by a denial of service vulnerability. The HTTP server allows out-of-bounds values to be decoded during the auth process and later uses these values as offsets. Using negative...
Libav Buffer Overflow Vulnerability (CNVD-2019-23076)
Libav is a cross-platform solution for recording and converting audio and video, which includes a libavcodec encoder. In Libav version 12.3, a heap buffer overflow vulnerability exists in the 'vc1decodepmbintfi' function of the vc1block.c file, which can be exploited to cause a denial of service...
UBUNTU-CVE-2018-18826
There exists a heap-based buffer overflow in vc1decodepmbintfi in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...
UBUNTU-CVE-2018-18661
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tiflzw.c...
GHSA-9QGC-P27W-3HJG High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...
UBUNTU-CVE-2018-18458
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...
DEBIAN-CVE-2018-18458
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...
HDF5 Buffer Out-of-Bounds Read Vulnerability
HDF5 is a free suite of tools for storing data in portable formats that can be managed, manipulated, viewed, analyzed, and generated. A heap buffer out-of-bounds read vulnerability exists in the 'H5Oattrdecode' function of the H5Oattr.c file in HDF5 1.10.3 and...
DEBIAN-CVE-2018-17437
Memory leak in the H5Odtypedecodehelper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file...