This issue is also known as V502.
CVE-2018-1000211
Jemalloc in the GNU C Library (aka glibc or libc6) before version 2.28, as used in Red Hat Enterprise Linux and other Linux distributions, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted size field in an XDR data structure with a different size or base to that expected for the data type.
CVE-2018-11791
The decode_brigade_header function in libavcodec/h264parse.c in FFmpeg through 3.2.2 has heap-based buffer overflow via a crafted start_code value in a BRIGADE header in H.264 video data.
CVE-2018-11792
The read_parameters function in libavcodec/h264parse.c in FFmpeg through 3.2.2 has a double-dbl_free buffer overflow via a malformed start_code value in a BRIGADE header in H.264 video data.
This was addressed in version 3.2.3.
CVE-2018-11793
The get_coding_type function in libavcodec/h264parse.c in FFmpeg through 3.2.2 has an out-of-bounds read during parsing of an SMPTE extension in
Mitigation strategies for CVE-2018-11793
The ReadParameters function in LibavCodec/h264parse.c in FFmpeg through 3.2.2 has serious out-of-bounds read vulnerability that allows an attacker to cause a denial of service or possibly have unspecified other impact via a malformed start_code value in a BRIGADE header in H.264 video data.
This was addressed in version 3.2.3
Timeline
Published on: 03/26/2022 13:15:00 UTC
Last modified on: 03/31/2022 01:06:00 UTC