CVE-2020-15395: MediaInfo

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).


MediaInfo is a convenient unified display of the most relevant technical and tag data for video and audio files.

The MediaInfo data display includes:

  • Container: format, profile, commercial name of the format, duration, overall bit rate, writing application and library, title, author, director, album, track number, date, duration…
  • Video: format, codec id, aspect, frame rate, bit rate, color space, chroma subsampling, bit depth, scan type, scan order…
  • Audio: format, codec id, sample rate, channels, bit depth, language, bit rate…
  • Text: format, codec id, language of subtitle…
  • Chapters: count of chapters, list of chapters…

MediaInfo can analyze the following formats:

  • Container: MPEG-4, QuickTime, Matroska, AVI, MPEG-PS (including unprotected DVD), MPEG-TS (including unprotected Blu-ray), MXF, GXF, LXF, WMV, FLV, Real…
  • Tags: Id3v1, Id3v2, Vorbis comments, APE tags…
  • Video: MPEG-1/2 Video, H.263, MPEG-4 Visual (including DivX, XviD), H.264/AVC, H.265/HEVC, FFV1…
  • Audio: MPEG Audio (including MP3), AC3, DTS, AAC, Dolby E, AES3, FLAC…
  • Subtitles: CEA-608, CEA-708, DTVCC, SCTE-20, SCTE-128, ATSC/53, CDP, DVB Subtitle, Teletext, SRT, SSA, ASS, SAMI…

MediaInfo features include:

  • Read many video and audio file formats
  • View information in different formats (text, sheet, tree, HTML…)
  • Customise these viewing formats
  • Export information as text, CSV, HTML…
  • Graphical user interface, command line interface, or library (.dll/.so/.dylib) versions available
  • Integrate with the shell (drag 'n' drop and context menu)
  • Internationalisation: display any language on any operating system
  • Localisation capability (for which volunteers are needed - please contact us!)

License: MediaInfo is open-source software, which means that end users and developers are free to study, improve and redistribute the program (BSD-style license).
