A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. In libvpx, there is a possible out of bounds read due to a missing bo ...
There is a heap-based buffer overflow in string_vformat . The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist.
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix: * libvpx: Denial of service in mediaserver * libvpx: Out of bounds read in vp8_norm table * libvpx: Use-after-free in vp8_deblock in vp8/common/postproc.c * libvpx: Out of bounds read in vp8_decode_frame in decodefram ...
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix: * libvpx: Denial of service in mediaserver * libvpx: Out of bounds read in vp8_norm table * libvpx: Use-after-free in vp8_deblock in vp8/common/postproc.c * libvpx: Out of bounds read in vp8_decode_frame in decodefram ...
It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depending on the specific network configuration
It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depending on the specific network configuration.Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Req ...