Search CVE reports
91 – 100 of 332 results
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
10 affected packages
chromium-browser, gst-libav1.0, kino, mplayer, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 16 of 82
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
10 affected packages
chromium-browser, gst-libav1.0, kino, mplayer, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
9 affected packages
gst-libav1.0, mplayer, mythtv, oxide-qt, chromium-browser...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 15 of 81
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
10 affected packages
chromium-browser, gst-libav1.0, kino, mplayer, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
1 affected package
libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release |
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
1 affected package
libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 2
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | — | — | — | Fixed |
| libav | — | — | — | Not in release |
Some fixes available 1 of 4
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly...
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | — | — | — | — |
| libav | — | — | — | — |
Some fixes available 1 of 4
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |