2835 matches found
PT-2018-18154 · FFmpeg +1 · Ffmpeg +1
Name of the Vulnerable Software and Affected Versions: FFmpeg versions 2.8 through 3.4.2. Description: The issue allows remote attackers to cause a denial of service (out of array read) via an AVI file with crafted dimensions within chroma subsampling data. This is due to a problem in the decode ini...
skia/animated_image_decode: Container-overflow in piex::GetFullCropDimension
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5667932416770048 Project: skia Fuzzer: libFuzzer_skia_animated_image_decode Fuzz target binary: animated_image_decode Job Type: libfuzzer_asan_skia Platform Id: linux Crash Type: Container-overflow READ 4...
laztools.com XSS vulnerability
Open Bug Bounty ID: OBB-563492 · Affected Website: laztools.com · Open Bug Bounty Program: Create your bounty program now. It's open and free. · Vulnerable Application: Custom Code · Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 · CVSSv3 Score: 6.1...
skia/image_decode: Heap-buffer-overflow in GetLE16
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5727301313495040 Project: skia Fuzzer: afl_skia_image_decode Fuzz target binary: image_decode Job Type: afl_asan_skia Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6070000004...
DEBIAN-CVE-2018-6621
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file...
UBUNTU-CVE-2018-6621
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file...
FFmpeg 'decode_frame' function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decode_frame' function in the libavcodec/utvideodec.c file in FFmpeg 3.4.1 and earlier versions. A remote attacker can exploit this vulnerability to...
CVE-2017-1000414
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service...
CVE-2017-1000414
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service...
Design/Logic Flaw
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service...
CVE-2017-1000414
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service...
GNU Libtasn1 '_asn1_decode_simple_ber' function stack exhaustion vulnerability
GNU Libtasn1 is an ASN.1 architecture management library for use in GnuTLS (a secure communications library that implements the SSL, TLS, and DTLS protocols) by software developer Fabio Fiorina. A security vulnerability exists in the '_asn1_decode_simple_ber' function in the decoding.c file in GNU...
CVE-2018-6003
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS...
DEBIAN-CVE-2018-5248
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function...
UBUNTU-CVE-2018-5248
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function...
Foxit Reader LZWDecode Information Disclosure Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. An information disclosure vulnerability exists in Foxit Reader version 8.3.2.25013, which occurs when the program fails to properly validate user-submitted data. The vulnerability can be exploited by a remote attacke...
HDF5 'H5Opline_pline_decode' function out-of-bounds read vulnerability
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. An out-of-bounds read vulnerability exists in the 'H5Opline_pline_decode' function of the H5Opline.c file in the libhdf5.a file in...
HDF5 Out-of-Bounds Write Vulnerability
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. An out-of-bounds write vulnerability exists in the 'H5G_ent_decode_vec' function of H5Gcache.c in libhdf5.a in HDF5 version 1.10.1...
UBUNTU-CVE-2017-17505
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...
DEBIAN-CVE-2017-17505
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...