CLSA-2026-1778142227 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

CVE-2018-14054: LibMP4v2 MP4StringProperty Handling Double Free Vulnerability

LibMP4v2 is an open source MP4 processing library, designed to create and modify MP4 files as defined by ISO-IEC:14496-1:2001 MPEG-4 Systems. Originally discovered by Ruikai Liu, a double free vulnerability was found in the MP4StringProperty code. While parsing MP4 atoms, it is possible to cause ...

libquicktime 1.2.4 - Integer Overflow

libquicktime 1.2.4 - Integer Overflow !/usr/bin/env python - 7 February 2016 - My last bug hunting session for fun and no-profit has been dedicated to libquicktime Author: Marco Romano - @nemux http://www.nemux.org libquicktime 1.2.4 Integer Overflow Product Page:...

libquicktime 1.2.4 Integer Overflow

!/usr/bin/env python - 7 February 2016 - My last bug hunting session for fun and no-profit has been dedicated to libquicktime Author: Marco Romano - @nemux http://www.nemux.org libquicktime 1.2.4 Integer Overflow Product Page: http://libquicktime.sourceforge.net/ Description: 'hdlr', 'stsd', 'fta...

libquicktime 1.2.4 - Integer Overflow

Exploit for multiple platform in category dos / poc !/usr/bin/env python - 7 February 2016 - My last bug hunting session for fun and no-profit has been dedicated to libquicktime Author: Marco Romano - @nemux http://www.nemux.org libquicktime 1.2.4 Integer Overflow Product Page:...

libquicktime 1.2.4 - Integer Overflow

!/usr/bin/env python - 7 February 2016 - My last bug hunting session for fun and no-profit has been dedicated to libquicktime Author: Marco Romano - @nemux http://www.nemux.org libquicktime 1.2.4 Integer Overflow Product Page: http://libquicktime.sourceforge.net/ Description: 'hdlr', 'stsd', 'fta...

Android Denial of Service Vulnerability

Android is an operating system based on the Linux open kernel, announced on November 5, 2007 by Google Inc. for cell phones. A denial of service vulnerability exists in Android versions prior to 5.1.1, LMY48I. Allows remote attackers to execute arbitrary code or cause a denial of service via...

CVE-2015-6575

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow and memory corruption via crafted atoms in MP4 data, aka internal bug 20139950, a...

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related...

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related...

Integer overflow

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow and memory corruption via crafted atoms in MP4 data, aka internal bug 20139950, a...

Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)

A remote code execution vulnerability, known as Stagefright Vulnerability, has been reported in Android devices core. The vulnerability is due to an integer overflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target or to crea...