CVE-2026-43310

A flaw was found in the Linux kernel's Verisilicon media driver. On the i.MX8MQ platform, simultaneous decoding of H.264 and HEVC video streams by the g1 and g2 Video Processing Units VPUs can lead to a bus error. This issue can result in corrupted video output and potentially cause a system hang...

EUVD-2026-28580

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

UBUNTU-CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

CVE-2026-43310

The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...

Astra Linux - уязвимость в libde265

Libde265 v1.0.8 was discovered to contain an unknown crash via ffhevcputhevcqpelh3v3sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted video file...

Astra Linux - уязвимость в firefox, thunderbird

A out-of-bounds read can occur during the decoding of H264 videos. This can lead to a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

[SECURITY] Fedora 42 Update: gstreamer1-vaapi-1.26.11-1.fc42

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

[SECURITY] Fedora 43 Update: gstreamer1-vaapi-1.26.11-1.fc43

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

CVE-2026-33986 FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

RLSA-2026:4447 Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 For more details about the security issues, including the...

EUVD-2024-17324

Malicious code in bioql PyPI...

EUVD-2022-42668

Malicious code in bioql PyPI...

EUVD-2022-30342

Malicious code in bioql PyPI...

EUVD-2023-38253

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-2479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buff...

Linux Distros Unpatched Vulnerability : CVE-2021-21842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A speciall...

Linux Distros Unpatched Vulnerability : CVE-2021-21859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The...

Linux Distros Unpatched Vulnerability : CVE-2021-21861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When...

OSV-2025-584 Heap-buffer-overflow in isvcd_mark_err_slice_skip

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434978682 Crash type: Heap-buffer-overflow READ 2 Crash state: isvcdmarkerrsliceskip isvcdvideodecode Codec::decodeFrame...

CVE-2025-27044 Out-of-bounds Write in Video

Memory corruption while executing timestamp video decode command with large input values...