Search CVE reports

Toggle filters

21 – 30 of 73 results

CVE-2018-13303

Low priority
Needs evaluation

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Ignored Ignored Not in release Ignored
ffmpeg Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kino Not in release Needs evaluation Needs evaluation Needs evaluation
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release
libav Not in release Not in release Not in release Not in release
oxide-qt Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected
vlc Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2018-13302

Medium priority

Some fixes available 17 of 86

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Ignored Ignored Not in release Ignored
ffmpeg Fixed Fixed Fixed Fixed
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kino Not in release Needs evaluation Needs evaluation Needs evaluation
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected
oxide-qt Not in release Not in release Not in release Not in release
vlc Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2018-13301

Low priority
Needs evaluation

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...

9 affected packages

chromium-browser, libav, gstreamer0.10-ffmpeg, vlc, gst-libav1.0...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Ignored Ignored Not in release Ignored
libav Not in release Not in release Not in release Not in release
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release
vlc Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Not affected
mplayer Not affected Not affected Not affected Not affected
oxide-qt Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2018-13300

Medium priority

Some fixes available 16 of 85

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...

10 affected packages

chromium-browser, ffmpeg, gstreamer0.10-ffmpeg, mplayer, vlc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Ignored Ignored Not in release Ignored
ffmpeg Fixed Fixed Fixed Fixed
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected
vlc Not affected Not affected Not affected Not affected
kino Not in release Needs evaluation Needs evaluation Needs evaluation
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release
Show all 10 packages Show less packages

CVE-2018-10945

Medium priority
Not affected

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the...

1 affected package

smplayer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smplayer Not affected Not affected
Show less packages

CVE-2018-7751

Medium priority

Some fixes available 1 of 42

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

7 affected packages

gst-libav1.0, mythtv, ffmpeg, libav, mplayer...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Fixed
libav Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected
oxide-qt Not in release Not in release Not in release Not in release
vlc Not affected Not affected Not affected Not affected
Show all 7 packages Show less packages

CVE-2015-1208

Medium priority
Ignored

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

4 affected packages

ffmpeg, libav, mplayer, vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected
libav Not in release
mplayer Not affected
vlc Not affected
Show less packages

CVE-2017-2922

Medium priority
Not affected

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which...

1 affected package

smplayer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smplayer
Show less packages

CVE-2017-2921

Medium priority
Not affected

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and...

1 affected package

smplayer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smplayer
Show less packages

CVE-2017-2909

Low priority
Not affected

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker...

1 affected package

smplayer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smplayer
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON