GPAC security vulnerabilities

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained security vulnerabilities; these vulnerabilities stemmed from the use of the dasherprocess function, which allowed reusing of memory after heap deallocation, potentially leading to...

GPAC security vulnerabilities

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained security vulnerabilities. These vulnerabilities were caused by a null pointer dereferencing in the gfac4presb4backchannelspresent function, which could lead to a denial-of-service attack...

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 2.4.0 have security vulnerabilities. These vulnerabilities stem from improper handling of the cat parameter in the MediaGetSample function within the MP4Box component, which can lead to memory leaks...

Astra Linux - уязвимость в ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vffloodfill.c. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the libavcodec/getbits.h file, during the process of writing .mov files. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в ffmpeg5

It was discovered that FFmpeg versions n5.1 to n6.1 contain an Off-by-one Error vulnerability in the libavfilter/avfshowspectrum.c file. This vulnerability allows attackers to cause a Denial of Service DoS attack through crafted inputs...

CVE-2026-27766 multimedia_audio_framework has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

CVE-2026-27766

Technical details about CVE-2026-27766 are not publicly available in the provided documents. Monitor for updates from OpenHarmony security disclosures and the CVE record.

CVE-2026-43484

A flaw was found in the Linux kernel's MultiMediaCard MMC core. Concurrent updates to bitfield flags, specifically 'claimed' and 'retunenow', can lead to unintended overwrites of other bits in asynchronous contexts. This can trigger spurious warnings and result in system instability or unexpected...

UBUNTU-CVE-2026-43484

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

CVE-2026-8012

An inappropriate implementation flaw was found in the MHTML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496628298...

EUVD-2026-28483

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

PT-2026-38557

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip transport tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVE-2025-71251

In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

PT-2026-37333

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

Astra Linux - уязвимость в ffmpeg

Buffer overflow vulnerability in FFmpeg 4.2, located in the convolutiony10bit section of libavfilter/vfvmafmotion.c, which could allow a remote malicious user to cause a Denial of Service attack...

Astra Linux - уязвимость в ffmpeg5

A vulnerability, classified as critical, was discovered in FFmpeg up to version 5.1.5. This vulnerability affects the fillaudiodata function in the file /libswresample/swresample.c. The vulnerability leads to a heap-based buffer overflow. The attack can be initiated remotely. This issue was fixed...

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1648-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1648-1 advisory. Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy...

GPAC 缓冲区错误漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC such as 26.03-DEV-rev105-g8f39a1eb3-master and earlier have a buffer error vulnerability. This vulnerability stems from the function elngboxread in the MP4Box component’s file src/isomedia/boxcodebase.c, which process...