Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the H264 stateless decoder’s “smatch” warning. A “smatch static checker” warning was also fixed in vdech264reqif.c. This issue causes the kernel to crash when fb is NULL...

SUSE CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

CVE-2026-43310

A flaw was found in the Linux kernel's Verisilicon media driver. On the i.MX8MQ platform, simultaneous decoding of H.264 and HEVC video streams by the g1 and g2 Video Processing Units VPUs can lead to a bus error. This issue can result in corrupted video output and potentially cause a system hang...

EUVD-2026-28580

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

Linux Distros Unpatched Vulnerability : CVE-2026-43310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot deco...

PT-2026-38952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On the i.MX8MQ platform, a hardware limitation exists where the g1 VPU and g2 VPU cannot perform decoding simultaneously. Concurrent operation leads to a bus error, resulting in corrupte...

CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

CVE-2026-33986

Vulnerability CVE-2026-33986 affects FreeRDP prior to 3.24.2. In yuv_ensure_buffer() (libfreerdp/codec/h264.c), h264->width and h264->height are inflated before the reallocation loop; if winpr_aligned_recalloc() fails, the function returns FALSE but width/height remain inflated. This is res...

openSUSE 16 Security Update : freerdp2 (openSUSE-SU-2026:20320-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20320-1 advisory. Changes in freerdp2: - Multiple CVE fixes: CVE-2026-24491, bsc1257981, CVE-2026-24675, bsc1257982, CVE-2026-24676, bsc1257983, CVE-2026-24679,...

OPENSUSE-SU-2026:20320-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: Changes in freerdp2: - Multiple CVE fixes: CVE-2026-24491, bsc1257981, CVE-2026-24675, bsc1257982, CVE-2026-24676, bsc1257983, CVE-2026-24679, bsc1257986, CVE-2026-24681, bsc1257988, CVE-2026-24682, bsc1257989, CVE-2026-24683, bsc1257990,...

CVE-2026-26967

A flaw was found in PJSIP. A remote attacker could exploit a heap-based buffer overflow vulnerability in the H.264 unpacketizer by sending specially crafted Secure Real-time Transport Protocol SRTP packets. The unpacketizer fails to validate the bounds of a 2-byte Network Abstraction Layer NAL un...

CVE-2026-26967 PJSIP has a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

CVE-2026-26967

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

UBUNTU-CVE-2026-26203

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked...

CVE-2026-26203

PJSIP (pjproject) versions prior to 2.17 contain a heap buffer underflow in the H.264 packetizer when processing malformed bitstreams without NAL unit start codes. The packetizer performs unchecked pointer arithmetic, potentially reading memory before the allocated buffer. A patch is available in...

CVE-2026-26203

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked...

PT-2026-20921

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description PJSIP, a multimedia communication library, contains a heap buffer underflow issue in its H.264 packetizer. This occurs when processing H.264 bitstreams lacking NAL unit start codes, leading to unchecked...

CVE-2026-24677

Summary: CVE-2026-24677 affects FreeRDP before 3.22.0. The vulnerable component is ecam_encoder_compress_h264, which trusts server-controlled dimensions and does not validate the source buffer size, causing an out-of-bounds read in sws_scale. The issue is fixed in version 3.22.0. Impact (from sou...