PT-2023-6860 · Opnsense · Opnsense

Name of the Vulnerable Software and Affected Versions: OPNsense versions prior to 23.7.5 Description: The issue is related to the lack of protection of the web page structure in the OPNsense operating system. This can be exploited by a remote attacker to conduct cross-site scripting attacks using...

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

GPAC MP4Box 安全漏洞

GPAC MP4Box is multimedia packager. It is mainly used to work with ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, etc. A security vulnerability exists in GPAC MP4Box version 2.1-DEV-rev593-g007bf61a0, which stems from...

DEBIAN-CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gfmediaavcreadsps function in mediatools/avparsers.c, a different vulnerability than CVE-2018-1000100...

UBUNTU-CVE-2016-3828

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28835995...

DEBIAN-CVE-2015-8217

The ffhevcparsesps function in libavcodec/hevcps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted High Efficiency Video Coding HEVC da...

DEBIAN-CVE-2014-9319

The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...

DEBIAN-CVE-2012-0851

The ffh264decodeseqparameterset function in h264ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via ...

Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

This module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file specifically the Sequence Parameter Set, Flash will see if picordercnttype is equal to 1, which sets the numrefframesinpicordercntcycle field, and then blindly copies data in...

Adobe Flash Player MP4 Sequence Parameter Set Processing

Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...

Adobe Flash Player MP4 Sequence Parameter Set Processing

Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...

Adobe Flash Player MP4 Sequence Parameter Set Processing

Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...

Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...