[SECURITY] [DSA 6276-1] ffmpeg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6276-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2026 https://www.debian.org/security/faq -...

CVE-2026-27026 pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

CVE-2026-27026 pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

PJSIP 资源管理错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP version 2.17, there was a resource management vulnerability. This vulnerability stemmed from t...

MGASA-2025-0327 Updated ffmpeg packages fix security vulnerabilities

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed...

EUVD-2025-35059

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...

gstreamer: AV1 codec parser heap-based buffer overflow

A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation...

gstreamer: AV1 codec parser heap-based buffer overflow

A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation...

gstreamer: AV1 codec parser heap-based buffer overflow

A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation...

Heap-based Buffer Overflow

gst-plugins-bad gstreamer: AV1 codec parser is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to a failure in handling / processing certain malformed streams. A malicious user can use this flaw to trigger a crash in the application and possibly affect code execution...

GStreamer Security Vulnerability

GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer versions prior to 1.22.7, which stems from a heap-based buffer overflow vulnerability in the AV1 codec parser when processing certain malformed streams, which can be exploited by an...

USN-3958-1 gst-plugins-base0.10, gst-plugins-base1.0 vulnerability

It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code...

ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...

CVE-2009-0901

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantCle...

Broadcast crash in Vypress Tonecast 1.3

Luigi Auriemma Application: Vypress Tonecast http://www.vypress.com/products/tonecast/ Versions: = 1.3 both the program and the plugin for Winamp Platforms: Windows Bug: crash Exploitation: remote, versus receivers broadcast Date: 19 October 2004 Author: Luigi Auriemma e-mail: [email protected]...