505 matches found
SUSE CVE-2019-9719
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a...
Astra Linux - уязвимость в gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using Zlib decompression. Integer overflow occurs in the matroskademux element within the gstmatroskadecompressdata function, which can cause a segfault—or potentially a heap overwrite, depending on the libc and operating system. Depending on the...
Astra Linux - уязвимость в liblivemedia
Live555 version 1.08 does not handle Matroska and Ogg files properly. Sending two consecutive RTSP SETUP commands for the same track causes a Use-After-Free error and results in a crash of the daemon...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxupdatetracks function within matroska-demux.c. The vulnerability occurs when the gstcapsisequal function is called with invalid caps...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A use-after-free vulnerability has been discovered, affecting the processing of CodecPrivate elements in Matroska streams. In the GSTMATROSKAIDCODECPRIVATE case, within the gstmatroskademuxparsestream function, a data...
Astra Linux - уязвимость в liblivemedia
Live555 before 2019.08.16 has a Use-After-Free issue, as GenericMediaServer::createNewClientSessionWithId can generate the same client session ID consecutively. This issue is handled improperly by the MPEG1or2 and Matroska file demultiplexors...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer. If...
Astra Linux - уязвимость в gst-plugins-good1.0
Integer overflow in the matroskademux element within the gstmatroskademuxaddwvpkheader function, which allows for a heap overwrite during the parsing of Matroska files. There is a potential for arbitrary code execution due to the heap overwrite...
Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017385)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017385 advisory. Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitra...
Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017384)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017384 advisory. DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gstmatroskadecompressdata function which...
Astra Linux - уязвимость в gst-plugins-good1.0
Before version 1.18.4, GStreamer might access already-freeed memory in error code paths when demuxing certain malformed Matroska files...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A vulnerability related to uninitialized stack variables has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When the size is less than 4, the program calls gstbufferunmap with an...
Astra Linux - уязвимость в gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gstmatroskadecompressdata function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer before version 1.18.4 may cause heap corruption when parsing certain malformed Matroska files...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxparseblockgrouporsimpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer sub...
SUSE CVE-2013-3245
plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release: Several security vulnerabilities were addressed, including: H.264 video parser NULL pointer dereference when freeing SPS/MVC data. Integer overflows in the AV1 LEB128 parser, H.266/VVC video parser, and W...
OSV-2026-455 UNKNOWN READ in mkv::matroska_segment_c::TrackInit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=495498906 Crash type: UNKNOWN READ Crash state: mkv::matroskasegmentc::TrackInit mkv::matroskasegmentc::TrackInit mkv::matroskasegmentc::ParseTrackEntry...
MiracleLinux 8 : gstreamer1-plugins-good-1.16.1-5.el8_10 (AXSA:2024-9444:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9444:03 advisory. gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer CVE-2024-47540 gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c...
MiracleLinux 8 : gstreamer1-plugins-good-1.16.1-3.el8 (AXSA:2022-4391:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4391:01 advisory. gstreamer-plugins-good: Use-after-free in matroska demuxing CVE-2021-3497 Tenable has extracted the preceding description block directly from the MiracleLinu...