A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. Date published : 2018-07-13 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRSO2IMK6P7MOIZWGWKONPIEHKBA7WL3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c. Date published : 2018-07-13 https://github.com/fouzhe/security/tree/master/libwav https://github.com/marc-q/libwav/issues/19
The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. Date published : 2018-07-13 https://github.com/fouzhe/security/tree/master/libwav https://github.com/marc-q/libwav/issues/21
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c. Date published : 2018-07-13 https://github.com/fouzhe/security/tree/master/libwav https://github.com/marc-q/libwav/issues/20
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c. Date published : 2018-07-13 https://github.com/fouzhe/security/tree/master/libwav https://github.com/marc-q/libwav/issues/22
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. Date published : 2018-07-13 https://seclists.org/bugtraq/2019/Apr/30 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it....
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Date published : 2018-07-13 https://github.com/Exiv2/exiv2/issues/378 https://access.redhat.com/errata/RHSA-2019:2101
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. Date published : 2018-07-13...
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. Date published : 2018-07-13...
mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related...
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. Date published : 2018-07-13 https://seclists.org/bugtraq/2019/May/18 https://www.tenable.com/security/tns-2021-14
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. Date published : 2018-07-13 https://seclists.org/bugtraq/2019/May/18 http://seclists.org/fulldisclosure/2019/May/13
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. Date published : 2018-07-13 https://seclists.org/bugtraq/2019/May/18 https://www.tenable.com/security/tns-2021-14