22 matches found
OSV-2026-44 UNKNOWN READ in MP4_TrackSeek
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475299914 Crash type: UNKNOWN READ Crash state: MP4TrackSeek DemuxMoov Demux...
EUVD-2023-1572
Malicious code in bioql PyPI...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
GO-2023-1826 Signature validation bypass in github.com/moov-io/signedxml
Signature validation canonicalizes the input XML document before validating the signature. Parsing the uncanonicalized and canonicalized forms can produce different results. An attacker can exploit this variation to bypass signature validation. Users of signature validation must only parse the...
Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
GHSA-JQVR-J2VG-GJRV Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
Input validation
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
PT-2023-24736 · Moov · Signedxml
Name of the Vulnerable Software and Affected Versions: Moov signedxml versions 1.0.0 and earlier Description: The issue arises from the difference in output when parsing raw XML versus canonicalized XML, allowing an attacker to bypass signature validation through a Signature Wrapping attack. This...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
Moov signedxml data forgery vulnerability
signedxml is Moov's open-source, pure Go library for processing signed XML documents. Moov signedxml version 1.0.0 and earlier contain a security vulnerability that stems from the fact that parsing the original XML can produce different output than parsing the canonicalized XML; an attack...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
CVE-2023-34205 affects moov-io/signedxml up to version 1.0.0, where parsing raw vs canonicalized XML can produce different outputs, enabling a Signature Wrapping (XSW) bypass of signature validation. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with a high CVSS (CRITICA...
SUSE CVE-2017-9122
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file...
DEBIAN-CVE-2021-46040
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent)...
PT-2022-12521 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the finplace shift moov meta offsets function, which causes a Denial of Service. Recommendations: For GPAC version 1.0.1, consider disabling the finplace shift moov meta...
GPAC code issue vulnerability
GPAC is an open source multimedia framework. GPAC has a denial of service vulnerability in version 1.0.1, which stems from a pointer dereference in the finplaceshiftmoovmetaoffset function and can be exploited by attackers to conduct denial of service attacks...
DEBIAN-CVE-2017-9122
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file...
Apple QuickTime moov atom arbitrary code execution vulnerability
Apple QuickTime is a multimedia playback software. A buffer overflow vulnerability in Apple QuickTime's handling of media files containing a special moov atom allows remote attackers to construct malicious media files that can be tricked into being parsed by an application, which can crash the...