22 matches found
CVE-2026-1415
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
CVE-2026-1415
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
UBUNTU-CVE-2026-1415
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
CVE-2026-1415 GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
EUVD-2026-4695
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
CVE-2026-1415
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
CVE-2026-1415
GPAC (up to 2.4.0) is affected by CVE-2026-1415 through the function gf_media_export_webvtt_metadata in src/media_tools/media_export.c, where manipulation of the Name argument triggers a null pointer dereference. Local access is required for exploitation, and a public exploit exists. The issue ha...
CVE-2026-1415 GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
CVE-2026-1415
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...
OSV-2025-619 Heap-buffer-overflow in webvtt_domnode_SelectNodesInTree
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437537868 Crash type: Heap-buffer-overflow READ 1 Crash state: webvttdomnodeSelectNodesInTree webvttdomnodeSelectNodesInTree webvttdomnodeSelectNodesInTree...
Cross-Site Scripting (XSS)
iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts...
Cross site scripting
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttmlurl leads to cross site scripting. The attack can be...
CVE-2019-25086 IET-OU Open Media Player timedtext.php webvtt cross site scripting
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttmlurl leads to cross site scripting. The attack can be...
PT-2022-8298 · Unknown · Iet-Ou Open Media Player
Name of the Vulnerable Software and Affected Versions: IET-OU Open Media Player versions up to 1.5.0 Description: A vulnerability was found in the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml url leads to cross-site scripting. The attack...
PT-2022-36766 · Git +1 · Gstreamer
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write crash. The crash involves the functions parse subrip, parse webvtt, and gst sub parse chain...
Security update for vlc (moderate)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2020:0562-1 Rating: moderate References: 1142161 1146428 Cross-References: CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776...
Security update for ffmpeg-4 (low)
openSUSE Security Update: Security update for ffmpeg-4 Announcement ID: openSUSE-SU-2019:1066-1 Rating: low References: 1092241 1100348 1105869 Cross-References: CVE-2018-13300 CVE-2018-15822 Affected Products: openSUSE Backports SLE-15 An update that solves two vulnerabilities and has one errata...
openSUSE Security Update : ffmpeg-4 (openSUSE-2019-691)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
Security update for ffmpeg-4 (low)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...
openSUSE Security Update : ffmpeg-4 (openSUSE-2018-1004)
This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...