The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit

The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the function ipvideodecodeblockopcode0xA in...

The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit

The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the function ffh264SliceContextInit in libavcodec/h264dec.c...

The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit

The vulnerability of the FFmpeg multimedia library arises from buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to perform out-of-memory writes, related to the decodezbuf function in libavcodec/pngdec.c...

Humax HG100R 2.0.6 - Backup File Download

Humax HG100R 2.0.6 - Backup File Download coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests...

UBUNTU-CVE-2017-9994

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pixfmt is set, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecifie...

Adobe Flash - Image Decoding Out-of-Bounds Read Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit:...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)

The Mozilla Firefox was updated to the new ESR 52.2 release, which fixes the following issues bsc1043960 : - MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder - MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading - MFSA 2017-16/CVE-2017-7751 Use-after-free with content...

Adobe Flash - Image Decoding Out-of-Bounds Read

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit: http://127.0.0.1/LoadImage.swf=read1.png Proof of Concept:...

Adobe Flash - Image Decoding Out-of-Bounds Read

Adobe Flash - Image Decoding Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit:...

Null pointer dereference

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

The vulnerability of the TrustZone component in the Android operating system allows a hacker to simplify the process of decoding messages.

The vulnerability of the TrustZone component in the Android operating system arises due to synchronization errors when using shared resources. Exploiting this vulnerability can enable a remote attacker to simplify the process of decoding messages...

The vulnerability of the embedded file system (EFS) of the Android operating system allows a hacker to simplify the process of decoding messages.

The vulnerability of the embedded file system EFS of the Android operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can enable a malicious actor to simplify the process of decoding messages remotely...

UBUNTU-CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

[SECURITY] Fedora 25 Update: libtasn1-4.12-1.fc25

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...

Important: jasper

Issue Overview: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577,...

openSUSE Security Update : ffmpeg2 (openSUSE-2017-631)

This update for ffmpeg2 fixes security issues, bugs, and enables AC3 and MP3 decoding. The following vulnerabilities were fixed : - CVE-2017-7863: heap-based buffer overflow bsc1034179 - CVE-2017-7865: heap-based buffer overflow bsc1034177 - CVE-2017-7866: stack-based buffer overflow bsc1034176 -...

[ASA-201705-21] lib32-nss: arbitrary code execution

Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss...

DEBIAN-CVE-2017-9110

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)

The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 - ocfs2/o2net: o2netlistendataready should do nothing if socket state is not TCPLISTEN Tariq Saeed...