Posted by Sandro Gauci via Fulldisclosure on Oct 24
Dear Full Disclosure community,
We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.
Multiple security issues were found in libheif, a library to parse HEIF
and AVIF files, which could result in denial of service or potentially
the execution of arbitrary code.
Multiple security issues were found in Twisted, an event-based framework
for internet applications, which could result in incorrect ordering of
HTTP requests or cross-site scripting.