Articles with tag: Advisories
POSTED BY: anestis / 25.07.2016

Android stagefright impeg2d_vld_decode stack buffer overflows

CENSUS ID:CENSUS-2016-0006
CVE ID:CVE-2016-0836
Android ID:25812590
Affected Products:Android OS 6.0 — 6.0.1
Class:Out-of-bounds Write (CWE-787)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.


POSTED BY: anestis / 22.07.2016

Android stagefright impeg2d_dec_pic_data_thread integer overflow

CENSUS ID:CENSUS-2016-0005
CVE ID:CVE-2016-0835
Android ID:26070014
Affected Products:Android OS 6.0 — 6.0.1
Class:Integer Overflow (CWE-190) / Underflow (CWE-191)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.


POSTED BY: anestis / 04.05.2016

Android stagefright ih264d_read_mmco_commands libavc heap overflow

CENSUS ID:CENSUS-2016-0004
CVE ID:CVE-2016-0842
Android ID:25818142
Affected Products:Android OS 6.0 — 6.0.1
Class:Out-of-bounds Write (CWE-787)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.


POSTED BY: stelios / 30.03.2016

Kamailio SEAS module encode_msg heap buffer overflow

CENSUS ID:CENSUS-2016-0009
CVE ID:CVE-2016-2385
Affected Products:Kamailio 4.3.4 (and possibly previous versions)
Class:Heap-based Buffer Overflow (CWE-122)
Remote:Yes
Discovered by:Stelios Tsampas

Kamailio (successor of former OpenSER and SER) is an Open Source SIP Server released under GPL, able to handle thousands of call setups per second. Kamailio can be used to build large platforms for VoIP and realtime communications, presence, WebRTC, Instant messaging and other applications. It can also easily be applied to scaling up SIP-to-PSTN gateways, PBX systems or media servers.