13 matches found
USN-8130-3: GStreamer Base Plugins vulnerability
USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...
PT-2026-33167
Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A signed integer overflow exists in the DVD subtitle parser's fragment reassembly bounds checks. A remote attacker can exploit this by providing a specially crafted MPEG-PS/VOB media file...
CVE-2026-2921 GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending o...
GStreamer 输入验证错误漏洞
GStreamer is an open-source framework for processing streaming media. GStreamer has a vulnerability related to input validation, which stems from a lack of verification of the data provided by users when handling palette data in AVI files. This vulnerability may lead to integer overflow and remot...
TencentOS Server 3: gstreamer1-plugins-bad-free (TSSA-2023:0323)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0323 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
nginx: Memory disclosure in the ngx_http_mp4_module
A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...
USN-7014-3 nginx vulnerability
USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that the nginx ngxhttpmp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. GPAC suffers from a security vulnerability that stems from the presence of a memory leak vulnerability that allows an attacker to cause a denial of service DoS via a crafted MP4 file...
UBUNTU-CVE-2023-46927
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gfisomusecompactsize gpac/src/isomedia/isomwrite.c:3403:3 in gpac/MP4Box...
UBUNTU-CVE-2019-20628
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gfm2tsprocesspmt in mediatools/mpegts.c that can cause a denial of service via a crafted MP4 file...
CARBANAK Week Part Four: The CARBANAK Desktop Video Player
Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBAN...
UBUNTU-CVE-2018-14326
In MP4v2 2.0.0, there is an integer overflow with resultant memory corruption when resizing MP4Array for the ftyp atom in mp4array.h...
Denial of Service Vulnerability in Mango TV Client Handling AVIs
Mango TV is the only Internet video platform under Hunan Radio and Television, exclusively providing HD video live on-demand broadcast of all Hunan TV programs and providing users with all kinds of popular movies, TV dramas, variety shows, animation, music, entertainment and other content. A deni...