26 matches found
EUVD-2014-1323
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-35306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4StszAtom::WriteFields located in Ap4StszAtom.cpp. It...
Linux Distros Unpatched Vulnerability : CVE-2017-14261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the SDK in Bento4 1.5.0-616, the AP4StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit...
CVE-2022-40775
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4StszAtom::WriteFields...
CLSA-2024-1730478623 Fix CVE(s): CVE-2023-7347, CVE-2024-7347
SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...
A vulnerability in the AP4_StszAtom::GetSampleSize() function of the Bento4 ISO-MP4 file reading and writing library allows an attacker to cause a denial of service.
A vulnerability in the AP4StszAtom::GetSampleSize function of the Bento4 ISO-MP4 file reading and writing library is caused by a NULL pointer dereference. Exploiting this vulnerability could allow an attacker to cause a denial of service...
CVE-2022-40775
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4StszAtom::WriteFields...
CVE-2022-40774
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4StszAtom::GetSampleSize...
UBUNTU-CVE-2022-40775
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4StszAtom::WriteFields...
Bento4 code issue vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 1.6.0-639 and earlier versions that stems from a null pointer dereference in its AP4StszAtom::WriteFields component...
DEBIAN-CVE-2021-21848
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause a...
UBUNTU-CVE-2021-35306
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS)...
Bento4 Ap4StszAtom.cpp file buffer overflow vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the AP4StszAtom class of the Ap4StszAtom.cpp file of the SDK in Bento4 version 1.5.0-616. A remote attacker can exploit this vulnerability to cause a denial of service or execute...
UBUNTU-CVE-2017-14261
In the SDK in Bento4 1.5.0-616, the AP4StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file...
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
CVE-2014-1245
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file...
Integer overflow
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file...
CVE-2014-1245
Apple QuickTime before 7.7.5 contains a vulnerability in the processing of the stsz atom within movie files. This can allow remote code execution or a crash when a crafted stsz value is processed in a QuickTime viewing context. Exploitation requirements include user interaction (per ZDI advisory)...
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-259 August 16, 2011 -- CVE ID: CVE-2011-0251 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple QuickTime -- TippingPoint...