6118 matches found

Veracode
added 2019/05/02 6:9 a.m., 26 views

Use After Free

Firefox is vulnerable to use-after-free attacks. Memory error may occur in Media Decoder when working with media files leading the application to crash and cause denial of service...

CVSS 9.8, AI score 9.1, EPSS 0.02193
Exploits 1, References 15, Affected Software 2

Veracode
added 2019/05/02 5:20 a.m., 32 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

CVSS 5.9, AI score 6.7, EPSS 0.09896
Exploits 0, References 30, Affected Software 5

Veracode
added 2019/04/25 6:6 a.m., 19 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An integer overflow in the BMP decoder allows an attacker to crash the process or gain access to unintended regions of the process memory...

CVSS 6.5, AI score 6.5, EPSS 0.00128
Exploits 0, References 2, Affected Software 1

OSV
added 2019/04/24 11:3 a.m., 8 views

SUSE-SU-2019:1019-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-11007: Fixed a heap-based buffer overflow i...

CVSS 8.8, AI score 7.4, EPSS 0.02106
Exploits 3, References 10

NVD
added 2019/04/19 12:29 a.m., 18 views

CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...

CVSS 8.8, AI score 9.1, EPSS 0.00623
Exploits 0, References 5

OSV
added 2019/04/19 12:29 a.m., 17 views

CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...

CVSS 8.8, AI score 7.6
Exploits 0, References 5

Cvelist
added 2019/04/18 11:52 p.m., 16 views

CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...

AI score 9, EPSS 0.00623
Exploits 0, References 5

AlpineLinux
added 2019/04/18 11:52 p.m., 42 views

CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...

CVSS 8.8, AI score 9.1, EPSS 0.00623
Exploits 0

CVE
added 2019/04/18 11:52 p.m., 170 views

CVE-2019-11339

CVE-2019-11339 affects FFmpeg 4.0 (before 4.0.4) and 4.1 (before 4.1.2); the studio profile decoder in libavcodec/mpeg4videodec.c allows remote attackers to cause a denial of service via crafted MPEG‑4 data (out-of-bounds/out-of-array access). Remediation shown by connected docs includes updating...

CVSS 8.8, AI score 8.9, EPSS 0.00623
Exploits 0, References 5, Affected Software 1

UbuntuCve
added 2019/04/18 12:0 a.m., 23 views

CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...

CVSS 8.8, AI score 7.2, EPSS 0.00623
Exploits 0, References 4

OSV
added 2019/04/18 12:0 a.m., 0 views

UBUNTU-CVE-2019-11338

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data...

CVSS 8.8, AI score 7.4, EPSS 0.0194
Exploits 0, References 5

Fedora
added 2019/04/17 4:5 p.m., 10 views

[SECURITY] Fedora 30 Update: dav1d-0.2.1-3.fc30

dav1d is a new AV1 cross-platform Decoder, open-source, and focused on speed and correctness...

AI score 1.2
Exploits 0

ossfuzz
added 2019/04/16 1:0 a.m., 12 views

openh264/decoder_fuzzer: Heap-use-after-free in WelsDec::MapColToList0

Project: https://github.com/cisco/openh264.git Detailed report: https://oss-fuzz.com/testcase?key=5172836953489408 Project: openh264 Fuzzer: libFuzzer_openh264_decoder_fuzzer Fuzz target binary: decoder_fuzzer Job Type: libfuzzer_asan_openh264 Platform Id: linux Crash Type: Heap-use-after-free READ 4...

AI score 6.8
Exploits 0, Affected Software 1

Tenable Nessus
added 2019/04/15 12:0 a.m., 36 views

openSUSE Security Update : libarchive (openSUSE-2019-1196)

This update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL pointer Dereference...

CVSS 8.8, AI score 6.2, EPSS 0.01801
Exploits 1, References 12

OSV
added 2019/04/12 7:23 a.m., 9 views

OPENSUSE-SU-2019:1196-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL Pointer Dereference...

CVSS 8.8, AI score 7.6, EPSS 0.01801
Exploits 1, References 13

OPENSUSE Linux
added 2019/04/12 12:0 a.m., 231 views

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:1196-1 Rating: moderate References: 1120653 1120654 1120656 1120659 1124341 1124342 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020...

CVSS 8.8, AI score 6.3, EPSS 0.01801
Exploits 1, References 6

0day.today
added 2019/04/09 12:0 a.m., 27 views

Linux/x64 - XANAX Decoder Shellcode (127 bytes)

Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...

AI score 0.5
Exploits 0

Carbon Black Blog
added 2019/04/05 5:22 p.m., 165 views

CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders

Recently the Carbon Black Threat Analysis Unit (TAU) analyzed the APT28 downloaders SedUploader and Zebrocy, which have been observed over the previous six months. There have been several good publications regarding the code analysis of SedUploader and Zebrocy already 125679. Therefore, in this artic...

AI score 7.4
Exploits 0

BDU FSTEC
added 2019/04/04 12:0 a.m., 2 views

The vulnerability of the Libarchive library for working with archives, related to memory management after deallocation, allows an attacker to trigger a service failure.

The vulnerability of the Libarchive library for working with archives (libarchive/archive_read_support_format_rar.c) is related to a bug in the RAR format decoder. Exploiting this vulnerability may allow an attacker to cause service interruptions...

CVSS 9.3, AI score 6.5, EPSS 0.0171
Exploits 0, References 15, Affected Software 6

BDU FSTEC
added 2019/04/04 12:0 a.m., 1 views

The vulnerability of the Libarchive library for working with archives, related to double memory release, allows a perpetrator to trigger a service failure.

The vulnerability of the Libarchive library for working with archives (libarchive/archive_read_support_format_rar.c) is related to an error in the RAR format decoder, which causes resources in memory to be re-allocated. Exploiting this vulnerability could allow a remote attacker to cause service...

CVSS 8.8, AI score 6.4, EPSS 0.01775
Exploits 0, References 16, Affected Software 7