Page 35 of 205 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables dentro de la funcionalidad MPEG-4 decoding de la librería GPAC Project on Advanced Content versión v1.0.1. Una entrada MPEG-4 especialmente diseñada cuando se encuentra un átomo usando el código FOURCC "stco", puede causar un desbordamiento de enteros debido a la aritmética no comprobada, resultando en un desbordamiento de búfer en la región heap de la memoria que causa una corrupción de memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables en la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada en el decodificador "stsz" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada en el decodificador "stsc" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento de búfer en la región heap de la memoria que causa una corrupción de memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada en el decodificador "stts" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •