Lucene search
K

297 matches found

OSV
OSV
added last week4 views

OESA-2026-2867 aom security update

The Alliance for Open Media’s focus is to deliver a next-generation video format that is: Security Fixes: An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows ...

7.1CVSS6.7AI score0.00414EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.7 views

SUSE CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

8.1CVSS6AI score0.00272EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 9:17 p.m.10 views

DEBIAN-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References1
OSV
OSV
added 2026/06/19 9:17 p.m.12 views

DEBIAN-CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 9:17 p.m.8 views

UBUNTU-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/19 4:28 p.m.7 views

CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

7.1CVSS6AI score0.00414EPSS
Exploits0References36
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libvpx

There are integer overflows in the libvpx library in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may lead to integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpximaget struct may become invali...

9.1CVSS7.3AI score0.00814EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.17 views

EUVD-2026-27782

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

5.9AI score0.00138EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37562

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer size issue exists in the Verisilicon AV1 media component. The tile information, consisting of row sb, col sb, start pos, and end pos 4 bytes each, requires a total memory...

8.5CVSS5.9AI score0.00138EPSS
Exploits0
OSV
OSV
added 2026/05/01 1:54 p.m.9 views

JLSEC-2026-374

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...

7.5CVSS6.9AI score0.01936EPSS
Exploits0References20
OSV
OSV
added 2026/04/24 3:16 p.m.10 views

DEBIAN-CVE-2026-31584

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix use-after-free in encoder release path The fopsvcodecrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-encodework. This creates a race window...

7.8CVSS5.5AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of the release path after the encoder release in the media mediatek vcodec modul...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 7:31 p.m.10 views

JLSEC-2026-158

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

8.7CVSS5.7AI score0.00349EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-34235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's...

9.1CVSS5.3AI score0.00405EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 3:36 p.m.19 views

CVE-2026-34235

CVE-2026-34235 affects the PJSIP library (C) prior to version 2.17, where the VP9 RTP unpacketizer has a heap out-of-bounds read when parsing crafted VP9 SS data. The vulnerability stems from insufficient bounds checking on the payload descriptor length, causing reads beyond the RTP payload buffe...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29286

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References4
CNVD
CNVD
added 2026/03/31 12:0 a.m.10 views

Multiple Mozilla Products Code Issues Vulnerabilities

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code issue vulnerability exists in multiple Mozilla products that stem...

7.5CVSS7.4AI score0.00687EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/30 11:13 p.m.6 views

CVE-2026-33986

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a memory allocation vulnerability in the H.264 codec by enticing a user to connect to a malicious server. This flaw occurs when internal buffer dimensions are incorrectly updated aft...

7.5CVSS6.5AI score0.00265EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.9 views

CVE-2026-33164

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

8.7CVSS5.7AI score0.00349EPSS
Exploits1References1
Rows per page
Query Builder