CVE search results

201 – 210 of 538 results

Detailed view

Sort by:

CVE-2019-11338

Low priority

Some fixes available 3 of 4

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	Not affected	Fixed

CVE-2019-9721

Medium priority

Fixed

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Fixed

CVE-2019-9718

Medium priority

Fixed

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Fixed

CVE-2019-1000016

Medium priority

Fixed

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Not affected

CVE-2018-18829

Medium priority

Needs evaluation

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18828

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18827

Medium priority

Needs evaluation

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18826

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-15822

Low priority

Fixed

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	Not affected	Fixed

CVE-2018-1999015

Medium priority

Needs evaluation

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted...

2 affected packages

ffmpeg, gst-libav1.0

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports