OSV-2021-315 Global-buffer-overflow in Gfx::decode_frame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30507 Crash type: Global-buffer-overflow READ 4 Crash state: Gfx::decodeframe Gfx::GIFImageDecoderPlugin::frame Gfx::GIFImageDecoderPlugin::bitmap...

Accusoft ImageGear GIF LZW decoder heap overflow vulnerability

Summary A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this...

Tencent WeChat WXAM Decoder Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. T...

The vulnerability of the Microsoft DTV-DVD Video decoder for the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft DTV-DVD video decoder for the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

NVIDIA SHIELD TV 缓冲区错误漏洞

Nvidia NVIDIA Shield TV is a streaming media player. The Nvidia NVIDIA Shield TV NVDEC suffers from a buffer overflow vulnerability that can be exploited by a remote attacker to submit a special request, which can be used to conduct a denial of service attack or elevation of privilege...

ZynOS rom-0 Flaw Scanner

!/usr/bin/perl ZynOS rom-0 Flaw Scanner Copyright 2021 c Todor Donev https://donev.eu/ $ perl zynosscanner ZynOS rom-0 Flaw Scanner zynosscanner --targets= --threads=10 --redirects=7 --help --targets | Specify the list with addresses that you want to scan. --dump | Dump rom-0 file for each target...

CVE-2021-1668

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability...

CVE-2021-1668

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability...

Remote code execution

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability...

CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

...

CVE-2021-1668

CVE-2021-1668 : Technical details are not publicly available in the provided documents. Monitor for updates.

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

...

Microsoft Windows DTV-DVD Video Decoder Security Vulnerability

Microsoft Windows is a suite of operating systems for personal devices from Microsoft Corporation in the United States. A security vulnerability exists in the Microsoft DTV-DVD video decoder, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

PT-2021-1593 · Microsoft · Dtv-Dvd Video Decoder +1

Name of the Vulnerable Software and Affected Versions: Microsoft DTV-DVD Video Decoder affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft DTV-DVD Video Decoder. This allows a remote attacker to execute arbitrary code. Recommendation...

KB4598243: Windows 10 Version 1607 and Windows Server 2016 January 2021 Security Update

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. CVE-2021-1642 - Windows DNS Query Information Disclosure Vulnerability...

CVE-2020-27038

In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257...

CVE-2020-27038

In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257...

Novel Online Shopping Malware Hides in Social-Media Buttons

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...

[ASA-202011-13] wireshark-cli: denial of service

Arch Linux Security Advisory ASA-202011-13 ========================================== Severity: Low Date : 2020-11-17 CVE-ID : CVE-2020-28030 Package : wireshark-cli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1258 Summary ======= The package wireshark-cli befo...

`Decoder<R>` can carry `R: !Send` to other threads

Affected versions of this crate implements Send for Decoder for any R: Read. This allows Decoder to contain R: !Send and carry move it to another thread. This can result in undefined behavior such as memory corruption from data race on R, or dropping R = MutexGuard from a thread that didn't lock...