43 matches found
OESA-2026-2697 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An out-of-bounds write...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in gaussianblur at libavfilter/vfedgedetect.c, which may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in qpdf
In QPDF 8.2.1, within libqpdf/QPDFWriter.cc, the functions QPDOrWriter::unparseObject and QPDOrWriter::unparseChild contain recursive calls that last for a long time. This allows remote attackers to cause a denial of service by using a crafted PDF file...
Astra Linux – Vulnerability in SOX
A vulnerability was discovered in SoX, where a heap buffer overflow occurs in the startread function in the hcom.c file. This vulnerability can be exploited by using a specially crafted hcomn file, which may cause the application to crash...
Astra Linux – Vulnerability in ffmpeg
In FFmpeg 4.4, the adtsdecodeextradata function in libavformat/adtsenc.c does not check the return value of initgetbits. This is a necessary step, as the second argument of initgetbits can be manipulated...
Linux Distros Unpatched Vulnerability : CVE-2025-60483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...
Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016770)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016770 advisory. An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fe...
jq: jq: Denial of Service via crafted JSON object causing hash collisions
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
[SECURITY] Fedora 44 Update: siril-1.4.2-3.fc44
Siril is an image processing tool specially tailored for noise reduction and improving the signal/noise ratio of an image from multiple captures, as required in astronomy. Siril can align automatically or manually, stack and enhance pictures from various file formats, even images sequences movies...
AnyBurn 安全漏洞
AnyBurn is a disc burning and image processing tool developed by AnyBurn Corporation. The AnyBurn 4.3 x86 version contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the image conversion function, which could allow local attackers to cause the...
EUVD-2026-10371
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder...
CVE-2026-24484
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...
CVE-2023-53981
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
JLSEC-2025-150 A vulnerability was found in FFmpeg up to 7.1
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...
PT-2025-33660 · Gnu +1 · Gpac +1
Уязвимость функции gf ac4 pres b 4 back channels present утилиты MP4Box мультимедийной платформы GPAC связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании...
The vulnerability of the Mongo fragment processing tool for MongoDB database management systems allows a hacker to induce a service failure.
The vulnerability of the Mongo fragment processing tool for MongoDB database management systems is related to an error in handling exceptional states. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created protocol called Wire...
CVE-2025-25301
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...
CVE-2024-31585
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avfshowspectrum.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
The vulnerability of the libqpdf/QPDWriter.cc utility for command-line processing of PDF documents allows a malicious actor to cause service interruptions.
The vulnerability of the libqpdf/QPDWriter.cc command-line utility for converting PDF documents is related to an uncontrolled recursion. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially created PDF file...
CVE-2023-26590
A floating point exception vulnerability was found in sox, in the lsxaiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service...