SUSE-SU-2026:1761-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784:...

PT-2026-38860

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux parse trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

DEBIAN-CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

nginx: specially crafted MP4 file may cause denial of service

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...

SUSE CVE-2016-3062

The movreaddref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via the entries value in a dref box in an MP4 file...

GPAC Invalid Pointer Dereference Vulnerability

GPAC is a multimedia framework for rich media and distributed under the LGPL license. An invalid pointer dereference vulnerability exists in gfodfdeletedescriptor in odf/descprivate.c in libgpac.a in versions prior to GPAC 0.8.0. An attacker can exploit this vulnerability to cause a denial of...

PT-2022-11260 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: Gpac versions through 1.0.1 Description: A buffer overflow issue exists via a malformed MP4 file in the svc parse slice function in av parsers.c, allowing attackers to cause a denial of service, potentially execute code, and escalate...

DEBIAN-CVE-2015-1208

Integer underflow in the movreaddefault function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file...

UBUNTU-CVE-2015-1206

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service unpaged memory write and process crash via a crafted MP4 file...

libquicktime Denial of Service Vulnerability (CNVD-2017-11753)

libquicktime is a library for reading and writing files in quicktime, avi and mp4 formats. A security vulnerability exists in the 'quicktimevideowidth' function of the lqtquicktime.c file in libquicktime version 1.2.4. A remote attacker can exploit this vulnerability to cause a denial of service...

Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to trigger service interruptions or execute arbitrary code

The vulnerability of the CoreMedia Playback component in iOS and Mac OS X operating systems arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption, application...

Mozilla Firefox and Firefox ESR libstagefright memory leak vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open-source web browser; Firefox ESR is an extended-support version of Firefox. libstagefright is one of the hard-coding support libraries. A memory leak vulnerability exists in...

DEBIAN-CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service memory consumption via an MPEG-4 file that triggers a delete operation on an array...

UBUNTU-CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service memory consumption via an MPEG-4 file that triggers a delete operation on an array...