Lucene search
K

235 matches found

RedHat Linux
RedHat Linux
added 6 days ago6 views

gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS6AI score0.0031EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 6:27 a.m.3 views

OESA-2026-2829 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A use-after-free...

8.8CVSS6.3AI score0.00477EPSS
Exploits3References3
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2827 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A use-after-free...

6.5CVSS6.1AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/06/28 2:16 a.m.3 views

DEBIAN-CVE-2026-58049

FFmpeg's RASC video decoder decodedlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXTLINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

8.8CVSS5.8AI score0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/06/28 2:16 a.m.30 views

CVE-2026-58049

FFmpeg's RASC video decoder decodedlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXTLINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

8.8CVSS0.00217EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58049 FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()

FFmpeg's RASC video decoder decodedlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXTLINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

8.8CVSS0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 12:16 p.m.19 views

CVE-2026-12706

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

6.5CVSS0.00245EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 8:16 p.m.5 views

DEBIAN-CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.5AI score0.0031EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: A possible memory leak issue has been fixed. The implementation of venushelperallocdpbbufs allows for an early return on an error path when checking the ID from idaallocmin. This would prevent the earlier buff...

5.5CVSS6AI score0.00231EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in dav1d

An integer overflow occurs in the dav1d AV1 decoder, which can happen when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to a version later than 1.4.0 of dav1d...

8.8CVSS6.7AI score0.01835EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.7 views

PT-2026-24787

Name of the Vulnerable Software and Affected Versions strukturag libheif versions up to 1.21.2 Description A flaw exists in strukturag libheif that allows for an out-of-bounds read. The issue resides in the vvdec push data2 function within the libheif/plugins/decoder vvdec.cc file of the HEIF Fil...

4.8CVSS5.6AI score0.00117EPSS
Exploits0References68
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained security vulnerabilities, which stemmed from a heap buffer...

9.3CVSS6.5AI score0.0029EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/12 5:41 p.m.29 views

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS0.00129EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/12 5:41 p.m.5 views

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 5:41 p.m.13 views

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 5:41 p.m.15 views

CVE-2024-36319

Summary: CVE-2024-36319 concerns debug code left active in AMD’s Video Decoder Engine Firmware (VCN FW). A crafted command could cause VCN FW to read/write HW registers, with potential impact to confidentiality, integrity, and availability. Affected component is the VCN FW in AMD graphics/VP-rela...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7876

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

6.3CVSS5.7AI score0.00129EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the H264 multi-stateless decoder’s match warning. A match static checker warning has been fixed in vdech264reqmultiif.c. This issue causes the kernel to crash when fb is NULL...

5.5CVSS6.2AI score0.00208EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the VP8 stateless decoder’s “smatch” warning. A “smatch” static checker warning was fixed in vdecvp8reqif.c. This issue causes the kernel to crash when fb is NULL...

5.5CVSS6.4AI score0.00207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-47753)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47753 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 statele...

5.5CVSS6.6AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder