60 matches found
CVE-2018-6548
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame could be freed while the corresponding pointer would not be updated,...
CVE-2018-6548
Removed by vendor...
libwebm 'ParseVP9SuperFrameIndex' function heap buffer out-of-bounds read and out-of-bounds write vulnerabilities
libwebm is an open source network media file codec library . A security vulnerability in the 'ParseVP9SuperFrameIndex' function in the common/libwebmutil.cc file in libwebm on 2018-01-30 and prior versions stems from the program's failure to validate the childframelength data of .webm files. A...
CVE-2018-6406
The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...
Heap overflow
The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...
CVE-2018-6406
The function ParseVP9SuperFrameIndex in common/libwebmutil.cc in libwebm through 2018-01-30 does not validate the childframelength data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service heap-based buffer over-read and later out-of-bounds...
CVE-2018-6406
CVE-2018-6406 affects libwebm: the ParseVP9SuperFrameIndex function in common/libwebm_util.cc does not validate child_frame_length from a .webm file, allowing remote attackers to cause information leaks or a denial of service via a heap-based buffer over-read and subsequent out-of-bounds write. T...
CVE-2018-6406
Removed by vendor...
The vulnerability of the Android operating system allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the libvpx library in the mediaserver component of the libwebm framework in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure memory...
CVE-2016-2464
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
DEBIAN-CVE-2016-2464
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
UBUNTU-CVE-2016-2464
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
Memory corruption
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
CVE-2016-2464
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
CVE-2016-2464
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...
CVE-2016-2464
CVE-2016-2464 affects libvpx/libwebm in android mediaserver. A crafted MKV file can trigger memory corruption, enabling remote code execution or a denial of service. Affected: Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01. Root cause unspecified in pr...
Android libwebm Remote Code Execution Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA. libwebm is a file parser component for WebM. A remote code execution vulnerability exists in libwebm for Android. An attacker can exploit this vulnerability with the help of...
June 2016 Android Security Bulletin
Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while...
CVE-2016-1621
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug...
CVE-2016-1621
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug...