USN-8285-1: GStreamer Good Plugins vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-7580 Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 i...

[SECURITY] Fedora 44 Update: siril-1.4.2-3.fc44

Siril is an image processing tool specially tailored for noise reduction and improving the signal/noise ratio of an image from multiple captures, as required in astronomy. Siril can align automatically or manually, stack and enhance pictures from various file formats, even images sequences movies...

CVE-2019-25554 Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

CVE-2020-37183

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow...

EUVD-2023-32767

Malicious code in bioql PyPI...

CVE-2023-29166

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges...

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

Video with alpha transparency on the web

I've been helping some teams at Shopify improve page load performance, and the issue of 'videos with an alpha channel' kept coming up, where videos of UI mocks needed to be composited on top of inconsistent backgrounds, such as larger CSS backgrounds. Often a good solution here is to create the...

CVE-2023-29166

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges...

CVE-2023-29166

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges...

CVE-2023-29166

The CVE-2023-29166 issue affects Apple Pro Video Formats; the vulnerability is a logic issue in state management that may allow a user to elevate privileges. Affected versions prior to 2.2.5 are vulnerable; Apple fixed it in Pro Video Formats 2.2.5. Practical impact is elevated privileges with hi...

CVE-2023-29166

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges...

Apple macOS Security Breach

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Pro Video Formats version 2.2.5, which originates from a user who may be able to elevate privileges...

PT-2023-22181 · Apple · Pro Video Formats

Name of the Vulnerable Software and Affected Versions: Pro Video Formats versions prior to 2.2.5 Description: A logic issue was addressed with improved state management, which may allow a user to elevate privileges. Recommendations: For versions prior to 2.2.5, update to Pro Video Formats 2.2.5 t...

About the security content of Pro Video Formats 2.2.5

About the security content of Pro Video Formats 2.2.5 This document describes the security content of Pro Video Formats 2.2.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

[SECURITY] Fedora 38 Update: mpv-0.35.1-3.fc38

Mpv is a movie player based on MPlayer and mplayer2. It supports a wide varie ty of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different...

Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks. The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats...

Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader

Impact A memory overwrite bug was reported by a security researcher in the ConvertToSinglePlane method via the texconv command-line tool when given an invalid height for planar video textures such as NV12. This can be a potential security bug for any clients of the library who follow the same...