2833 matches found
UBUNTU-CVE-2015-5479
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions...
Oracle: Security Advisory (ELSA-2015-3054)
The remote host is missing an update for the...
[SECURITY] Fedora 22 Update: libvdpau-1.1.1-1.fc22
VDPAU is the Video Decode and Presentation API for UNIX. It provides an interface to video decode acceleration and presentation hardware present in modern GPUs...
libvdpau Directory Traversal Vulnerability
libvdpau is an open source library that implements VDPAU (Video Decode and Presentation API for Unix), a video decoding and presentation API for Unix-like systems. A directory traversal vulnerability exists in versions of libvdpau prior to 1.1.1, which allows local users to gain privileges via the...
FFmpeg ff_rv34_decode_init_thread_copy denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ff_rv34_decode_init_thread_copy' function in the libavcodec/rv34.c file in versions of FFmpeg prior to 2.7.2, which is caused by the program failing to...
FFmpeg Denial of Service Vulnerability (CNVD-2015-05845)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decode_ihdr_chunk' function in the libavcodec/pngdec.c file in versions of FFmpeg prior to 2.7.2, which can be exploited by remote attackers to cause a...
[SECURITY] Fedora 23 Update: libvdpau-1.1.1-1.fc23
VDPAU is the Video Decode and Presentation API for UNIX. It provides an interface to video decode acceleration and presentation hardware present in modern GPUs...
EMC RSA BSAFE multiple security vulnerabilities
Integer overflow in base64 decode, multiple crypto vulnerabilities...
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities. EMC Identifier: ESA-2015-081. CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537. Severity...
[SECURITY] Fedora 22 Update: flac-1.3.1-5.fc22
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
OracleVM 3.3 : kernel-uek (OVMSA-2015-0104)
The remote OracleVM system is missing necessary patches to address critical security updates: - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502739] {CVE-2015-0239} {CVE-2015-0239} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502254] {CVE-2015-3339} -...
nss: QuickDER decoder length issue
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...
ClamAV upx.c pefromupx() UPX Decode Handling Remote Denial of Service Vulnerability
ClamAV is an anti-virus application. The pefromupx() function in ClamAV's upx.c mishandles special files, a security vulnerability that allows remote attackers to crash the application...
Unmediated PCI command register access in qemu
Issue description: HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O port range...
OpenSSL 'EVP_DecodeUpdate' Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL. Due to an integer underflow within the EVP_DecodeUpdate function located within...
FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)
OpenSSL project reports: - Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204). OpenSSL only. - Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) - ASN.1 structure reuse memory corruption (CVE-2015-0287) - PKCS7 NULL pointer dereferences (CVE-2015-0289) - Base64 decode CVE-2015-029...
DEBIAN-CVE-2015-0292
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v...
Vulnerability in OpenSSL - Base64 decode
A vulnerability existed in previous versions of OpenSSL related to the processing of base64-encoded data. Any code path that reads base64 data from an untrusted source could be affected, such as the PEM processing routines. Maliciously crafted base64 data could trigger a segmentation fault or memo...
jasper: heap overflow in jp2_decode() (oCERT-2014-012)
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...
chromium-browser: Out-of-bounds read in vpxdecoder
The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds...