
Headline

CVE-2022-48434

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).


Related news

Debian Security Advisory 5721-1

Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Gentoo Linux Security Advisory 202312-14

Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.

Ubuntu Security Notice USN-6449-2

Ubuntu Security Notice 6449-2 - USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This update fixes the problem. It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-6449-1

Ubuntu Security Notice 6449-1 - It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS.
