Articles with tag: Advisories
POSTED BY: Anestis Bechtsoudis / 23.03.2016

Android stagefright libavc ih264d_decode heap overflow

CENSUS ID:CENSUS-2016-0003
CVE ID:CVE-2016-0816
Android ID:25928803
Affected Products:Android OS 6.0 — 6.0.1
Class:Out-of-bounds Write (CWE-787)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.


POSTED BY: Anestis Bechtsoudis / 23.03.2016

Android stagefright libmpeg2 impeg2d_dec_user_data heap overflow

CENSUS ID:CENSUS-2016-0008
CVE ID:CVE-2016-0824
Android ID:25765591
Affected Products:Android OS 6.0 — 6.0.1
Class:Out-of-bounds Read (CWE-125)
Discovered by:Anestis Bechtsoudis

Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.


POSTED BY: Stelios Tsampas / 11.01.2016

GDCM out of bounds read in JPEGLSCodec :: DecodeExtent

CENSUS ID:CENSUS-2016-0002
CVE ID:CVE-2015-8397
Affected Products:Applications that use GDCM versions < 2.6.2 to process JPEG-LS images
Class:Out-of-bounds Read (CWE-125)
Discovered by:Stelios Tsampas

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.


POSTED BY: Stelios Tsampas / 11.01.2016

GDCM buffer overflow in ImageRegionReader :: ReadIntoBuffer

CENSUS ID:CENSUS-2016-0001
CVE ID:CVE-2015-8396
Affected Products:Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call
Class:Integer Overflow or Wraparound (CWE-190)
Discovered by:Stelios Tsampas

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.