The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. Date published : 2016-12-23 http://www.securityfocus.com/bid/94837 https://security.gentoo.org/glsa/201701-71
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Date published : 2016-12-23 http://www.securityfocus.com/bid/93224 http://www.openwall.com/lists/oss-security/2016/09/29/7
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. Date published : 2016-12-23 http://www.securityfocus.com/bid/94833 https://security.gentoo.org/glsa/201701-71
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. Date published : 2016-12-23 http://www.securityfocus.com/bid/94835 https://security.gentoo.org/glsa/201701-71
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. Date published : 2016-12-23 http://www.securityfocus.com/bid/94838 https://security.gentoo.org/glsa/201701-71
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. Date published : 2016-12-23 http://www.securityfocus.com/bid/94834 https://security.gentoo.org/glsa/201701-71
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. Date published : 2016-12-23 http://www.securityfocus.com/bid/94841 https://security.gentoo.org/glsa/201701-71
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted ‘nctg’ structure. Date published : 2016-12-23 http://www.securityfocus.com/bid/94839 https://security.gentoo.org/glsa/201701-71
The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been...
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. Date published : 2016-12-23 http://www.securityfocus.com/bid/93163 http://www.openwall.com/lists/oss-security/2016/09/26/6
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. Date published : 2016-12-23 http://www.securityfocus.com/bid/92447...
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3...
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Date published : 2016-12-23 https://www.kde.org/info/security/advisory-20160209-1.txt http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177557.html
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. Date published : 2016-12-22 http://www.securityfocus.com/bid/94589 http://www.openwall.com/lists/oss-security/2016/11/29/7