Search CVE reports

Toggle filters

181 – 190 of 521 results

CVE-2019-13312

Medium priority

Some fixes available 1 of 2

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Fixed Not affected
Show less packages

CVE-2019-12730

Medium priority

Some fixes available 2 of 4

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected Fixed
Show less packages

CVE-2019-11339

Medium priority
Fixed

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via...

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected
Show less packages

CVE-2019-11338

Low priority

Some fixes available 3 of 4

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly...

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected Fixed
Show less packages

CVE-2019-9721

Medium priority
Fixed

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Fixed
Show less packages

CVE-2019-9718

Medium priority
Fixed

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format...

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Fixed
Show less packages

CVE-2019-1000016

Medium priority
Fixed

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be...

1 affected package

ffmpeg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected
Show less packages

CVE-2018-18829

Medium priority
Needs evaluation

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

5 affected packages

qtwebengine-opensource-src, vlc, gst-libav1.0, ffmpeg, libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Not affected
libav Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-18828

Medium priority
Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ffmpeg Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-18827

Medium priority
Needs evaluation

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

gst-libav1.0, qtwebengine-opensource-src, vlc, ffmpeg, libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected
ffmpeg Not affected Not affected Not affected Not affected
libav Not in release Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 17
  3. 18
  4. 19
  5. 20
  6. 21
  7. Next page
Export to JSON