11 matches found
nginx: Memory disclosure in the ngx_http_mp4_module
A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files from Axiomatic Systems. A security vulnerability exists in Bento4 that stems from the presence of a buffer overflow vulnerability that allows a local attacker to execute arbitrary code via AP4File::ParseStream and related...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files from Axiomatic Systems. A security vulnerability exists in Bento4 that stems from a floating point exception in the AP4TfraAtom::AP4TfraAtom function...
F5 Nginx 安全漏洞
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx, which stems from a vulnerability that could allow an attacker to cause it to terminate by over-reading NGIN...
PT-2023-7643 · Adobe · Prelude
Name of the Vulnerable Software and Affected Versions: Adobe Prelude versions 22.6 and earlier Description: The issue is related to an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigatio...
SUSE CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...
Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations
The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...
Atomicparsley 缓冲区错误漏洞
Atomicparsley is an open source, lightweight command-line program for reading, parsing, and setting metadata into MPEG-4 files, specifically iTunes-style metadata. A security vulnerability exists in Atomicparsley 20210124.204813.840499f, which stems from a stack overflow vulnerability via APar...
Null Pointer Reference Vulnerability in Thunderbolt Video
Xunlei Video is a media player under Xunlei, which was officially renamed Xunlei Look Player after the launch of version 3.0. A null pointer reference vulnerability exists in Xunlei Video when opening certain MP4 files. An attacker can exploit the vulnerability to cause a denial of service,...
Bento4 mp42ts 'AP4_AtomSampleTable::GetSample' function denial of service vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. mp42ts is one of the tools to convert MP4 files to MPEG2-TS files. A security vulnerability in the Bento4 mp42ts 'AP4AtomSampleTable::GetSample' function allows remote attackers to exploit the vulnerability by submitting a...
openssl: missing bn_wexpand return value checks
OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors...