Android stagefright libmpeg2 impeg2d_dec_user_data heap overflow
| CENSUS ID: | CENSUS-2016-0008 |
| CVE ID: | CVE-2016-0824 |
| Android ID: | 25765591 |
| Affected Products: | Android OS 6.0 — 6.0.1 |
| Class: | Out-of-bounds Read (CWE-125) |
| Discovered by: | Anestis Bechtsoudis |
Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.
GDCM out of bounds read in JPEGLSCodec::DecodeExtent
| CENSUS ID: | CENSUS-2016-0002 |
| CVE ID: | CVE-2015-8397 |
| Affected Products: | Applications that use GDCM versions < 2.6.2 to process JPEG-LS images |
| Class: | Out-of-bounds Read (CWE-125) |
| Discovered by: | Stelios Tsampas |
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.
GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer
| CENSUS ID: | CENSUS-2016-0001 |
| CVE ID: | CVE-2015-8396 |
| Affected Products: | Applications using GDCM versions < 2.6.2 and the ImageRegionReader::ReadIntoBuffer API call |
| Class: | Integer Overflow or Wraparound (CWE-190) |
| Discovered by: | Stelios Tsampas |
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.
Oracle WebCenter information exposure vulnerability
| CENSUS ID: | CENSUS-2014-0001 |
| CVE ID: | CVE-2014-0450 |
| Oracle Tracking #: | S0388414 (CPUApr2014) |
| Affected Products: | Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) |
| Class: | Information Exposure (CWE-200), Privacy Violation (CWE-359) |
| Remote: | Yes |
| Discovered by: | Alex Zaharis |
| Researched by: | Alex Zaharis, Patroklos Argyroudis |
The Oracle WebCenter portal component in Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) is affected by an information exposure vulnerability. A malicious user may exploit it to gain unauthenticated access to the list of valid usernames of the system, the users’ personal information and files linked to the users’ profiles.
