CVE-2024-37017

asdcplib aka AS-DCP Lib 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::hReader::MDtoTimedTextTDesc in ASDCPTimedText.cpp in libasdcp.so...

CVE-2024-37017

asdcplib aka AS-DCP Lib 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::hReader::MDtoTimedTextTDesc in ASDCPTimedText.cpp in libasdcp.so...

CVE-2024-37017

CVE-2024-37017 affects asdcplib (AS-DCP Lib) 2.13.1 and involves a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc within AS_DCP_TimedText.cpp in libasdcp.so. The CVSSv3.1 base score is 8.1 (HIGH), with NETWORK attack vector, LOW attack complexity, no ...

Cross-Site Scripting (XSS)

iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts...

PT-2022-8298 · Unknown · Iet-Ou Open Media Player

Name of the Vulnerable Software and Affected Versions: IET-OU Open Media Player versions up to 1.5.0 Description: A vulnerability was found in the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml url leads to cross-site scripting. The attack...