flash-plugin: multiple code execution issues fixed in APSB17-04

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution...

CVE-2016-3819

Integer overflow in codecs/on2/h264dec/source/h264bsddpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability in the file mm-video-v4l2/vidc/vdec/src/omxvdecmsm8974.cpp of the Android operating system is related to incorrect pointer handling. Exploiting this vulnerability can allow a malicious actor to gain increased privileges through a specially created application...

CVE-2016-2451

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

UBUNTU-CVE-2016-0816

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, related to decoder/ih264dparseislice.c and decoder/ih264dparsepslice.c, aka internal bug 25928803...

The vulnerability of the iOS operating system, which allows a hacker to trigger a service failure

The vulnerability of the MSVDX driver of the iOS operating system exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially crafted video stream...

Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)

The decreaserefcount function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via malformed WebM video data...

FFmpeg 'vmd_decode' function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'vmddecode' function in the FFmpeg 'libavcodec/vmdvideo.c' file. As the program fails to validate the relationship between the length value and the...

UBUNTU-CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Ut Video data, related to the 1 restoremedian and 2...

Apple Quicktime multiple security vulnerabilities

Memory corruptions on video decoding, MIDI and m4a...

Chrome 23 Released, 14 vulnerabilities patched

Google today released Chrome version 23 to the Stable Channel. 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Update includes patch for 12 vulnerabilities in the Windows version and two vulnerabilities in Mac OS X version. Chrome 23 is the support of the Do Not Track DNT protocol, number...

DEBIAN-CVE-2011-4364

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service crash and possibly...

UBUNTU-CVE-2011-3025

Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...