Security
Headlines

Headlines Latest CVEs

Headline

AppleVideoDecoder CreateHeaderBuffer Out-Of-Bounds Free

AppleVideoDecoder suffers from an out-of-bounds free vulnerability. The attached video file contains a malformed HEVC Decoder Configuration Record that leads to an out-of-bounds free in CreateHeaderBuffer. When copying the VPS, PPS and SPS, the destination pointer is incremented, and if the copied data is larger than the length specified in the input file, it breaks and falls through to a condition that frees the destination pointer, even though it has been incremented. This could free the chunk allocated next to the destination memory.

2 years ago

#vulnerability #apple

AppleVideoDecoder suffers from an out-of-bounds free vulnerability. The attached video file contains a malformed HEVC Decoder Configuration Record that leads to an out-of-bounds free in CreateHeaderBuffer. When copying the VPS, PPS and SPS, the destination pointer is incremented, and if the copied data is larger than the length specified in the input file, it breaks and falls through to a condition that frees the destination pointer, even though it has been incremented. This could free the chunk allocated next to the destination memory.

Packet Storm: Latest News

Debian Security Advisory 5808-1

1 day ago

Ubuntu Security Notice USN-7100-1

1 day ago

HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation

1 day ago

Ubuntu Security Notice USN-7099-1

1 day ago

Ubuntu Security Notice USN-7098-1

1 day ago