242 matches found
Astra Linux – Vulnerability in ffmpeg5
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters are being exported, as the side data would be attached in the decoder thread while being read in the output thread...
PT-2026-48236
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48240
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48238
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48237
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48239
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48234
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for...
Astra Linux – Vulnerability in libvpx
In libvpx version VP9 before 1.13.1, handling of widths is incorrect, resulting in a crash related to encoding...
JLSEC-2026-376
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above...
CVE-2026-35203
ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...
CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
ALPINE-CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
DEBIAN-CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
RLSA-2023:5537 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvp...
RockyLinux 8 : libvpx (RLSA-2023:5537)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5537 advisory. libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvpx CVE-2023-44488 Tenable has extracted...
OSV-2026-97 Heap-buffer-overflow in vpx_wb_write_literal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476466137 Crash type: Heap-buffer-overflow WRITE 1 Crash state: vpxwbwriteliteral vp9packbitstream encodeframetodatarate...
MiracleLinux 8 : thunderbird-115.4.1-1.el8.ML.1 (AXSA:2023-6571:31)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6571:31 advisory. Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR...
MiracleLinux 9 : libvpx-1.9.0-7.el9.ML.1 (AXSA:2023-6488:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6488:01 advisory. libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvpx CVE-2023-44488 Tenable has...